http://opensource-dtu.org

Sunday, 18 October 2009 00:08

How to secure a Joomla site?

Written by Sahil Kumar
Joomla is an open-source CMS, so its framework and its loopholes are open to all.
This makes it easier for hackers and invaders to break into your site and take away your precious data. But you can stop this nightmare from happening if you adopt some of the following precautions.
There are some extensions which will help protect you from invaders:
1) jSecure Authentication
Drawback: Joomla has one drawback: any web user can easily find out that the site was created in Joomla! by typing the URL of the administration area (i.e. www.sitename.com/administration). This makes it easy for hackers to take over the site once they crack the ID and password for Joomla!. Information: the jSecure Authentication module prevents access to the administration (back end) login page without the appropriate access key.

2) Login Confirmation by Core Design
Core Design Login Confirmation component for Joomla! 1.5
A simple and effective component which adds an additional layer of security to your Joomla! administration. After a successful login, this component sends a confirmation message with a security code to your e-mail address. The administration is locked until you enter the code.
The component supports SMS sending via the Clickatell SMS Gateway.

3) SecurityImages (CAPTCHAs) for Joomla

SecurityImages helps reduce website spam and improve Joomla security by allowing you to implement CAPTCHAs. Ever been to a site where you had to register and the registration form required that you type in the same phrase that is found in a hard-to-read image? Those images are known as CAPTCHAs*.

To protect you from spam attempts, it offers five families of highly configurable CAPTCHAs. This component is a framework and is currently used by many other components: Akobook; Akocomment; Joomla contact, login and registration; Simpleboard forum; VirtueMart.

*CAPTCHA definition: A captcha (an acronym for "completely automated public Turing test to tell computers and humans apart") is a type of challenge-response test used in computing to determine whether or not the user is human. The term was coined in 2000 by Luis von Ahn, Manuel Blum, and Nicholas J. Hopper of Carnegie Mellon University, and John Langford of IBM. A common type of captcha requires that the user type the letters of a distorted and/or obscured sequence of letters or digits that appears on the screen.




GuardXT performs some Joomla security checks on your website. The "heart" of GuardXT is a file system check (best scheduled as a cron job) that regularly monitors changes to your files. Additionally, various security checks may be performed (e.g. checking the Joomla configuration, PHP settings, etc.).

The results are presented in an interface that is easy to use and understand, and most security issues can be fixed immediately from there.

GuardXT consists of several modules:

  • Security News: Receives the JoomlaXT security news and displays them in the admin component.
  • Version Check: Checks for latest version of Joomla! and GuardXT.
  • File Guard: Checks your file system for changes, detects unsafe directory and file permissions.
  • Configuration Check: Performs some basic checks of your Joomla configuration.

3) FILE PERMISSION (CHMOD)

For a Linux server:
If the file permissions of your root folder and files are not correct, you are more prone to getting hacked.
Check the following things before putting any precious data on the site:
All folders should be given the 755 CHMOD permission level, and for files it should be 666.
For files like configuration.php and .htaccess, keep the file permission at 644 to further ensure your security.
What will happen if I don't have the correct FILE PERMISSION?
lol, it won't take a professional hacker or cracker to break into your site, as you have opened not only the windows but the GATES themselves to let invaders come in.
Don't be so generous when it comes to web security.
For instance, if the FILE PERMISSION of one of your folders is set to '777', then the data it contains can be accessed directly without going into the directory itself.
Just type "http://your_domain_name.ext/Folder_name/" and it will show all of the folder's content, which can be copied too.
So don't leave even the door open for a hacker to come in and steal your private data.
For a Windows server:
Here the story becomes a little simpler. A Windows server has many flaws; for example, it is more prone to viruses.
And here you can't change the FILE PERMISSION simply by using an FTP client.
This setting has to be made by your host, so ask your host to make the necessary changes.
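
The File Guard idea described above (watch the file system for changes and flag unsafe permissions), sketched in Python as an added example; it is not GuardXT's code and not part of the original article. The function names are hypothetical, and the expected modes are the ones this article gives for directories, configuration.php and .htaccess.

```python
import hashlib
import os
import stat

# Modes taken from the article: directories 755, configuration.php and .htaccess 644.
DIR_MODE = 0o755
LOCKED_FILES = {"configuration.php": 0o644, ".htaccess": 0o644}


def snapshot(root):
    """Map every regular file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not hash through symlinks
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def diff_snapshots(baseline, current):
    """Return (added, removed, modified) as sorted lists of relative paths."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current) if baseline[p] != current[p])
    return added, removed, modified


def permission_findings(root):
    """List (path, actual, expected) where a mode differs from the article's values."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Each directory visited (including root itself) plus the two named files in it.
        checks = [(dirpath, DIR_MODE)]
        checks += [(os.path.join(dirpath, f), LOCKED_FILES[f]) for f in files if f in LOCKED_FILES]
        for path, expected in checks:
            actual = stat.S_IMODE(os.lstat(path).st_mode)
            if actual != expected:
                findings.append((os.path.relpath(path, root), oct(actual), oct(expected)))
    return sorted(findings)
```

Take the first snapshot on a known-good install and keep it outside the web root, then let a cron job compare later snapshots against it and report the permission findings.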
Last modified on Wednesday, 21 October 2009 20:23