Joomla Hosting BLOG

Blog about Joomla, Technologies and Hosting Service

Joomla Hosting - ASPHostPortal.com :: How To Protect Your Joomla Site From Force Attacks

clock October 22, 2013 07:22 by author ben

Even if you have a relatively small website, it is likely that you eventually have to deal with hackers. One of the most common methods of hacking is the brute force attack – here hackers will cycle through numbers and letters to try to crack your password. It has happened to Joomla users in recent memory, so it is important to be prepared as much as possible.

The reason that these brute force attacks were successful encompasses a number of different factors. First, you have unlimited login attempts with the Joomla platform. This means that brute force hackers can continue to try until they gain access or are detected. While there is not much the average user can do about this, you can use different tactics to make your site more secure against these hackers.


1. Don’t use the admin username
Many times, the most common usernames are targeted such as admin, webmaster, administrator, test, etc. These all are very common usernames and that’s why, it makes sense to avoid using them. Don’t worry, from the backend, you can select a different name that’s publicly visible. This means that your username can be “amazingme” and you can choose a different name to be displayed on the front-end.


2. Use a strong password

Use a strong password and avoid common passwords such as fghj, 2221, 12345, your name, etc. The brute force attack targets all the common passwords first, and that’s why you should use a strong password that is a combination of uppercase and lowercase letters, numbers and special characters like #@*^. For example; a strong password would be something like [email protected]^^#. Also, never use the same password at two different places.


3. Limit login attempts
It is highly recommended that you limit login attempts. This can be done by using a security plugin like Better Joomla Security, or by using Limit Login Attempts plugin.


4. Update core and add-ons to improve Joomla security
Since the most common successful attacks are due to known vulnerabilities in outdated Joomla versions and add-ons, one of the most important tasks for anyone responsible for Joomla security is to ensure that all the software remains up to date.
Thus, one of the most important features that has been added to Joomla is the new Joomla Update Manager which can be used to easily update many extensions, as well as the Joomla Update component to update Joomla itself.

5. Backup often
Take regular backup of your complete Joomla site. Some people don’t give importance to backup, and unfortunately, they realize the value of backup only after a disaster strikes. Also don’t rely much when your host says that they regularly perform backup, because if they don’t, then it will create more problems.



Joomla Hosting :: Joomla Redirecting Multiple URLs - Home Page with .htaccess

clock October 21, 2013 08:47 by author Mike

If you've changed menu items or aliases on your website, the old links will still be indexed on Google until it gets back around to checking them again. This means that if someone is linked to your website in Google and it gives them an old link, they will get a 404 error and won't be able to view anything.

This is where redirecting comes in. We need to redirect all the old links to the new ones to ensure a viewer still gets to the correct page. This can be done individually but can take hours - this is where we can utilise a batch redirect to speed up our process. This basically enables you to take any links with a certain alias and point it to a new alias.

Here is what a default Joomla htaccess file looks like:

##
# @package		Joomla
# @copyright	Copyright (C) 2005 - 2013 Open Source Matters. All rights reserved.
# @license		GNU General Public License version 2 or later; see LICENSE.txt
##

##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations.  It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file.  If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's.  If they work,
# it has been set by your server administrator and you do not need it set here.
##

## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks

## Mod_rewrite in use.

RewriteEngine On

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.

## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects

##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##

# RewriteBase /

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.

To add our redirects, we must ensure we put them before the Joomla SEF rewrites which is generally the last part of the file. See below how you can rewrite a URL.

######PTP SEO Redirections -- BEGIN
#301 Redirect Entire Old directories
RewriteRule blog/blog-category-1(.*)$ blog/blog-category-2$1 [R,L]
######PTP SEO Redirections -- END

This basically tells anything that has blog/blog-category-1 in it to redirect to the URL blog/blog-category-2. so the url withblog/blog-category-1/sub-category/item-to-view will automatically update toblog/blog-category-2/sub-category/item-to-view

Below is where we need to add this into our htaccess file - just before the SEF rewrites.

######PTP SEO Redirections -- BEGIN
#301 Redirect Entire Old directories
RewriteRule blog/blog-category-1(.*)$ blog/blog-category-2$1 [R,L]
######PTP SEO Redirections -- END

# RewriteBase /

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.


Free ASP.NET hosting - ASPHostPortal.com :: ASPHostPortal.com Proudly Announces Free Trial Windows ASP.NET Hosting

clock October 3, 2013 10:58 by author ben

ASPHostPortal.com is a premier Windows and ASP.NET Web hosting company that specializes in Windows and ASP.NET-based hosting. We proudly announces 7 Day Free Trial Windows and ASP.NET Hosting to all new customers. The intention of this FREE TRIAL service is to give our customers a "feel and touch" of our system. This free trial is offered for the next 7 days and at anytime, our customers can always cancel the service.


The 7 Day Free Trial is available with the following features:

- Unlimited Domains
- 5 GB Disk Space
- 60 GB of Bandwidth
- 2 MS SQL Database
- Unlimited Email Account
- Support ASP.NET 4.5
- Support MVC 4.0
- Support SQL Server 2012
- Free Installations of ASP.NET And PHP Applications

ASPHostPortal.com believes that all customers should be given a free trial before buying into a service and with such approach, customers are confident that the product / service that they choose is not faulty or wrong. Even we provide free trial service for 7 days, we always provide superior 24/7 customer service, 99,9% uptime guarantee on our world class data center. On this free trial service, our customer still can choose from our three different data centre locations, namely Singapore, United States and Amsterdam (The Netherlands)

Anyone is welcome to come and try us before they decide whether or not they want to buy. If the service does not meet your expectations, our customer can simply cancel before the end of the free trial period.

For all the details of packages available visit ASPHostPortal.com

About ASPHostPortal.com:

ASPHostPortal.com is a hosting company that best support in Windows and ASP.NET-based hosting. Services include shared hosting, reseller hosting, and sharepoint hosting, with specialty in ASP.NET, SQL Server, and architecting highly scalable solutions. As a leading small to mid-sized business web hosting provider, ASPHostPortal strive to offer the most technologically advanced hosting solutions available to all customers across the world. Security, reliability, and performance are at the core of hosting operations to ensure each site and/or application hosted is highly secured and performs at optimum level.



About ASPHostPortal.com

We’re a company that works differently to most. Value is what we output and help our customers achieve, not how much money we put in the bank. It’s not because we are altruistic. It’s based on an even simpler principle. "Do good things, and good things will come to you".

Success for us is something that is continually experienced, not something that is reached. For us it is all about the experience – more than the journey. Life is a continual experience. We see the Internet as being an incredible amplifier to the experience of life for all of us. It can help humanity come together to explode in knowledge exploration and discussion. It is continual enlightenment of new ideas, experiences, and passions

Corporate Address (Location)

ASPHostPortal
170 W 56th Street, Suite 121
New York, NY 10019
United States

Sign in