Joomla Security Extensions
I'm taking a CMS class at #mpict13 from @Mark_DuBois
and we have spent the day setting up Joomla.
By default it has pathetic security, plaintext
logins, very weak password hashes, no
filtering of inputs, etc.
These extensions seem to be good, and they
are all free. I haven't tried them in
any depth, of course.
jHackGuard
This is a free Web Application Firewall,
blocking SQL injection and other such
attacks.
From
http://extensions.joomla.org/extensions/access-a-security/site-security/site-protection/13233?qh=YToxOntpOjA7czoxMDoiamhhY2tndWFyZCI7fQ%3D%3D
Brute Force Stop
Locks out IP addresses that fail to log in
too many times.
From
https://github.com/codeling/bfstop
Encryption Configuration
Encrypts traffic with RSA, even when HTTPS is not
enabled. The Wireshark capture below shows the
result--long scrambled strings, produced by several
local JavaScript functions:
From
http://www.ratmilwebsolutions.com/downloads/encryption-configuration.html
One strange thing is that the user
can turn off the encryption before
logging in--if they do that, the
protection vanishes. Note the
option in the upper left here:
File Integrity Checking
I could not find any free plug-in
to scan Joomla 3 files for integrity,
unfortunately.
Cracking Hashes
More information here:
http://samsclass.info/123/proj10/comparing-hashes.htm
Posted 3:36 PM 6-19-13 by Sam Bowne