Hosting security stuff
Turn off the following settings in the php.ini file:
1. allow_url_fopen
allow_url_fopen lets PHP functions such as file_get_contents() and the include and require statements retrieve data from remote locations over protocols like FTP or HTTP, which can lead to code injection vulnerabilities.
You should disable allow_url_fopen in the php.ini file:
; Disable allow_url_fopen for security reasons
allow_url_fopen = Off
The setting can also be disabled in Apache's httpd.conf file:
# Disable allow_url_fopen for security reasons
php_flag allow_url_fopen off
If you are on shared hosting, use my php.ini file.
2. display_errors setting
display_errors should be turned off in the production environment so that error messages are hidden from visitors; instead of displaying error messages we log them to a log file.
;in php.ini file
display_errors = Off
log_errors = On
;in Apache's httpd.conf file
# Disable display_errors for security reasons
php_flag display_errors off
php_flag log_errors on
3. magic_quotes_gpc
When magic_quotes are on, all ' (single quote), " (double quote), \ (backslash) and NUL characters in request data are escaped with a backslash automatically. This is meant to prevent all sorts of injection security issues.
If input data contains one or more quotes, the data is automatically escaped with slashes; every layer that escapes it again re-escapes the already-escaped backslashes, multiplying the problem until you end up with strings like
<a href=\"\\"\\\\"\\\\\\\\"\\... !!
;in php.ini file
magic_quotes_gpc = Off
Joomla security stuff
1. Use the latest Joomla security update
Get the latest Joomla updates from http://joomlacode.org/gf/project/joomla/frs/
2. SQL injection attacks go through the jos_users table, so first of all change the database prefix.
Execute the following query to generate the RENAME TABLE statement; it returns a single statement (column q) that you then run against the database:
SET SESSION group_concat_max_len = 65535; -- the default of 1024 could truncate the generated statement
SELECT CONCAT('RENAME TABLE ', GROUP_CONCAT('`', TABLE_SCHEMA, '`.`', TABLE_NAME, '` TO `', TABLE_SCHEMA, '`.`yourprefix_', SUBSTRING(TABLE_NAME, 5), '`')) AS q
FROM `information_schema`.`TABLES`
WHERE TABLE_SCHEMA = 'yourdatabasename' AND TABLE_NAME LIKE 'jos\_%';
Change the prefix value in the configuration.php file as well:
var $dbprefix = 'yourprefix_';
3. Use only secure third-party plugins and keep them updated.
4. Use a secure username and password for administrators.
Use strongpasswordgenerator.com or some other tool to generate a strong password.
5. Use an SEF component that makes your Joomla site more secure.
Use the .htaccess file provided with the Joomla package (just rename htaccess.txt to .htaccess).
6. Write-protect your Joomla configuration file (make it unwritable).
Set permission 444 (read-only) on configuration.php.
7. Delete Joomla templates and unnecessary files/folders that you do not use.
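To check that a live host actually has the php.ini settings from the hosting section and the Joomla items above in place, here is an added read-only audit script (my own example, not code from the original post or from Joomla). It assumes it is run from the Joomla root next to configuration.php; the function names are this example's own.

```php
<?php
// Added example: audit the php.ini and Joomla hardening points discussed above.

function iniIsOff($name) {
    // php.ini turns Off/No/False into "" and php_flag turns off into "0";
    // a setting that no longer exists (magic_quotes_gpc on PHP >= 5.4) is false
    $v = strtolower((string) ini_get($name));
    return $v === '' || $v === '0' || $v === 'off' || $v === 'false' || $v === 'no';
}

function auditPhpIni() {
    $findings = array();
    if (!iniIsOff('allow_url_fopen'))  $findings[] = 'allow_url_fopen is On: remote URL wrappers are enabled';
    if (!iniIsOff('display_errors'))   $findings[] = 'display_errors is On: errors would be shown to visitors';
    if (iniIsOff('log_errors'))        $findings[] = 'log_errors is Off: errors are not written to a log';
    if (!iniIsOff('magic_quotes_gpc')) $findings[] = 'magic_quotes_gpc is On: request data is auto-escaped';
    return $findings;
}

function auditJoomlaConfig($path) {
    if (!is_file($path)) {
        return array("$path not found");
    }
    $findings = array();
    // Keep only the permission bits; 0444 means nobody has write access
    $mode = fileperms($path) & 0777;
    if ($mode & 0222) {
        $findings[] = sprintf('%s is writable (mode %04o, expected 0444)', $path, $mode);
    }
    // Read the prefix from the file text instead of including it, so the
    // audit does not depend on the JConfig class being loadable
    if (preg_match('/\$dbprefix\s*=\s*[\'"]([^\'"]*)[\'"]/', file_get_contents($path), $m)
        && $m[1] === 'jos_') {
        $findings[] = 'database prefix is still the default jos_';
    }
    return $findings;
}

$findings = array_merge(auditPhpIni(), auditJoomlaConfig(dirname(__FILE__) . '/configuration.php'));
if (count($findings) === 0) {
    echo "All checks passed\n";
} else {
    foreach ($findings as $f) {
        echo "WARNING: $f\n";
    }
}
```

Run it from the command line (php audit.php) with the same php.ini the web server uses, and do not leave it in the web root, since its output describes the server's configuration.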
1 comment:
This is a very informative blog. Keep it up. Your blogs are really useful for me.
Thanks for sharing this blog.