Joomla Security Problems Start with Versions
Got Joomla security problems? Well, I hope not! But Joomla recently deprecated version 1.5.x. That means they no longer support that version. This also means that if you are still using version 1.5, then you will likely not know about any security vulnerabilities until they strike your website. Ouch!
The best way to prevent that is to upgrade your Joomla version right away. You currently have available version 2.5 (the next long-term support [LTS] version) and version 3.0.
Joomla decided with version 2.5 to make their LTS versions all x.5. Using the LTS version may not reduce the number of upgrades you have to perform in the next 12 months. You’re always going to have to perform the upgrade when Joomla releases each one. That comes with the territory. It’s either that, or risk your site being vandalised or worse with Joomla security problems that could give you nightmares.
How to Check Which Version of Joomla You’re Using
A wise man told me many years ago, “The only dumb question is one that is never asked.” It’s okay not to know simple things. Ask and you will receive, right? In order to find your Joomla version number, go to your admin section (any page) and scroll to the bottom. The current version number should be there.
Alternatively, you can look at the contents of your version.php file (found in the includes or libraries/joomla folder). Simple.
You can go to the Joomla website to find out the latest stable version that is available. By all means, keep your Joomla updated, right now, with the latest 2.5.x or 3.0.x version.
Joomla is a Juicy Target for Hackers
Joomla security problems can be blamed partly on Joomla’s popularity. Increasingly, Joomla is a leading CMS, second only to WordPress. That makes it a target for unscrupulous crooks bent on no good. The more victims a hacker has that use a particular kind of software, the easier it is for them to make money off of their hard work.
An industrious and creative hacker could find a new vulnerability for Joomla and exploit it on all Joomla websites of the appropriate versions. But how does a site visitor know you’re using Joomla?
A hacker can determine if your site uses Joomla by checking the generator meta tag in the page source. And they don’t even have to do this manually. They can program a robot (web crawling software) to create a list of all Joomla sites by looking for this tag. You can right click on a web page and select “View Page Source” (or something similar) in order to view the source code. For instance, the following is from www.Linux.com:
<meta name="generator" content="Joomla! 1.5 – Open Source Content Management" />
Oh, for shame, Linux! You’re still using an outdated version of Joomla for your website. One can hope they fix that before any more Joomla security problems strike version 1.5.x, because Joomla is no longer any help on such issues. No more security patches for that version.
All the other Joomla websites I checked did not have the version number listed. Good for Joomla. That will make the hackers work a bit harder.
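As an added example (not part of the original article), this Python script checks the HTML of your own pages for the generator meta tag described above and reports whether it discloses a Joomla version. The name audit_generator and the two comparison pages are constructed for illustration; treating 1.5 as unsupported follows the article.

```python
"""Audit a page's HTML for a Joomla-revealing generator meta tag."""
import re
from html.parser import HTMLParser

# Per the article: Joomla 1.5.x is no longer supported.
UNSUPPORTED_PREFIXES = ("1.5",)


class _GeneratorFinder(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        attr = {k: (v or "") for k, v in attrs}
        if attr.get("name", "").strip().lower() == "generator":
            self.values.append(attr.get("content", "").strip())


def audit_generator(html):
    """Return what the generator meta tag discloses about the CMS."""
    finder = _GeneratorFinder()
    finder.feed(html)
    finder.close()
    result = {"generator": None, "is_joomla": False,
              "version": None, "unsupported": False}
    for value in finder.values:
        if "joomla" not in value.lower():
            continue
        # A version counts as disclosed only if digits follow the product name.
        match = re.search(r"joomla!?\s*(\d+(?:\.\d+)+)", value, re.IGNORECASE)
        version = match.group(1) if match else None
        old = bool(version) and version.startswith(UNSUPPORTED_PREFIXES)
        result.update(generator=value, is_joomla=True,
                      version=version, unsupported=old)
        break
    return result


# Tag quoted in the article, plus two constructed pages for comparison.
LEAKY = '<head><meta name="generator" content="Joomla! 1.5 – Open Source Content Management" /></head>'
QUIET = '<head><meta name="generator" content="Joomla! - Open Source Content Management" /></head>'
NO_TAG = "<head><title>Example</title></head>"

if __name__ == "__main__":
    for label, page in (("leaky", LEAKY), ("quiet", QUIET), ("no tag", NO_TAG)):
        print(label, audit_generator(page))
```

Run it against the saved source of each template you publish; a result with a version string means the tag tells visitors exactly which release you run.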
Some sites will reveal more information when you type “/administrator” right after the URL to get the Joomla admin log-in page. Some versions have a different Joomla banner graphic. The site, www.usjoomlaforce.com, currently has this problem. All other sites I checked had blocked this behaviour.
Adding “?tp=1” after the home page URL will reveal some very interesting behaviour for most Joomla sites. In fact, the only one which didn’t look like a page editor’s nightmare after tacking on this bit of code was www.joomla.org. Somehow, they’ve programmed their site to block this behaviour, too.
Help! We’ve Been Hacked
If you have Joomla security problems, like a site that has been hacked or defaced, Joomla gives a list of recommendations to put an immediate stop to the problem and to ensure that it doesn’t come back to bite you again. Some hackers add back doors to their hacks so that, even after cleaning, the hacker can still get into your site to do damage. Here’s Joomla’s help on this:
What to Look For
When it comes to any software vulnerabilities, including Joomla security problems, there’s no sure-fire way to know what to look for. If we knew in advance what vulnerabilities hackers would use, then programmers would plug them up before they became a problem.
Here are a couple of articles that could help you prevent any problems from happening:
And particularly helpful is Joomla’s security checklist:
If you need any help with upgrades or other website issues, please let us know. That’s why we created our Web Circle website.
And if you have any questions or comments about this article, please let us know. And stay safe!