Joomla_Web_Security


DOCUMENT INFORMATION

Contents

Joomla! Web Security
Secure your Joomla! website from common security threats with this easy-to-use guide.
Tom Canavan
BIRMINGHAM - MUMBAI

This material is copyright and is licensed for the sole use by Thomas Rosenblum on 4th December 2008, 1010 SW High Ave., Topeka, 66604

Joomla! Web Security
Copyright © 2008 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, Packt Publishing, nor its dealers or distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

First published: September 2008
Production Reference: 2160908

Published by Packt Publishing Ltd.
32 Lincoln Road
Olton
Birmingham, B27 6PA, UK.

ISBN 978-1-847194-88-6
www.packtpub.com

Cover Image by Nilesh Mohite (nilpreet2000@yahoo.co.in)

Credits
Author: Tom Canavan
Reviewer: Kenneth Crowder
Acquisition Editor: Shayantani Chaudhuri
Development Editor: Ved Prakash Jha
Technical Editor: Darshana D. Shinde
Copy Editor: Sneha M. Kulkarni
Editorial Team Leader: Mithil Kulkarni
Project Manager: Abhijeet Deobhakta
Project Coordinator: Brinell Lewis
Indexers: Hemangini Bari, Rekha Nair
Proofreader: Chris Smith
Production Coordinators: Aparna Bhagat, Rajni Thorat
Cover Work: Aparna Bhagat

About the Author
Tom Canavan has been in the Computer and IT industry throughout his career. Currently, he is the Chief Information Officer of a very large .com. He has worked in this industry for twenty-four years in various capacities.
He authored the book Dodging the Bullets: A Disaster Preparation Guide for Joomla! Web Sites and is very active in the Joomlasphere.
He and Kathy Strickland of raptorservices.com.au are the co-hosts of the popular podcast REBELCMS.COM.
I commit this book to my God and Savior Jesus Christ. I thank my wife Carol Ann for putting up with me while I wrote yet another book. Thank you the reader for taking a moment to look at this, may it bless and care for you.

About the Reviewer
Kenneth Crowder has been involved in the Joomla! Community since the days of Mambo. He has volunteered countless hours to help out the Open Source Project and is considered an expert in all Joomla!-related things. He also is known as the patient, helpful global moderator in the Joomla! Online forum.
Currently, Kenneth is the Senior Software Engineer at BIGSHOT (www.thinkBIGSHOT.com), a full-service marketing and advertising agency located in Kansas City, Mo. Kenneth holds a bachelor's degree in Computer Science from Northwest Missouri State University. He and his wife, Michelle, have a son, Ryland, and a new baby due in March 2009.
I thank Tom for giving me the opportunity to contribute to this book.

Table of Contents

Preface

Chapter 1: Let's Get Started
  Introduction
  Common Terminology
  Hosting—Selection and Unique Needs
  What Is a Host?
  Choosing a Host
  Questions to Ask a Prospective Host
  Facilities
  Things to Ask Your Host about Facility Security
  Environmental Questions about the Facility
  Site Monitoring and Protection
  Patching and Security
  Shared Hosting
  Dedicated Hosting
  Architecting for a Successful Site
  What Is the Purpose of Your Site?
  Eleven Steps to Successful Site Architecture
  Downloading Joomla!
  Settings
  .htaccess
  Permissions
  User Management
  Common Trip Ups
  Failure to Check Vulnerability List First
  Register Globals, Again
  Permissions
  Poor Documentation
  Got Backups?
  Setting Up Security Metrics
  Summary

Chapter 2: Test and Development
  Welcome to the Laboratory!
  Test and Development Environment
  What Does This Have to Do with Security?
  The Evil Hamster Wheel of Upgrades
  Determine the Need for Upgrade
  Developing Your Test Plan
  Essential Parameters for a Successful Test
  Using Your Test and Development Site for Disaster Planning
  Updating Your Disaster Recovery Documentation
  Make DR Testing a Part of Your Upgrade/Rollout Cycle
  Crafting Good Documentation
  Using a Software Development Management System
  Tour of Lighthouse from Artifact Software
  Reporting
  Using the Ravenswood Joomla! Server
  Roll-out
  Summary

Chapter 3: Tools
  Introduction
  Tools, Tools, and More Tools
  HISA
  Installation Check
  Web-Server Environment
  Required Settings for Joomla!
  Recommended Settings
  Joomla Tools Suite with Services
  How's Our Health?
  NMAP—Network Mapping Tool from insecure.org
  Wireshark
  Metasploit—The Penetration Testers Tool Set
  Nessus Vulnerability Scanner
  Why You Need Nessus
  Summary

Chapter 4: Vulnerabilities
  Introduction
  Importance of Patching is Paramount
  What is a Vulnerability?
  Memory Corruption Vulnerabilities
  SQL Injections
  Command Injection Attacks
  Attack Example
  Why do Vulnerabilities Exist?
  What Can be Done to Prevent Vulnerabilities?
  Developers
  Poor Testing and Planning
  Forbidden
  Improper Variable Sanitization and Dangerous Inputs
  Not Testing in a Broad Enough Environment
  Testing for Various Versions of SQL
  Interactions with Other Third-Party Extensions
  End Users
  Social Engineering
  Poor Patching and Updating
  Summary

Chapter 5: Anatomy of Attacks
  Introduction
  SQL Injections
  Testing for SQL Injections
  A Few Methods to Prevent SQL Injections
  And According to PHP.NET
  Remote File Includes
  The Most Basic Attempt
  What Can We Do to Stop This?
  Preventing RFI Attacks
  Summary

Chapter 6: How the Bad Guys Do It
  Laws on the Books
  Acquiring Target
  Sizing up the Target
  Vulnerability Tools
  Nessus
  Nikto: An Open-Source Vulnerability Scanner
  Acunetix
  NMAP
  Wireshark
  Ping Sweep
  Firewalk
  Angry IP Scanner
  Digital Graffiti versus Real Attacks
  Finding Targets to Attack

…and yet an easy-to-set-up website might choose Joomla!. He or she is not a specialist in security, either good security or bad security. He or she is merely

Posted: 12/01/2013, 15:28
