Joomla Hosting BLOG

Blog about Joomla, Technologies and Hosting Service

Joomla Hosting - ASPHostPortal.com :: Joomla Security Issues that Get Sites Hacked

clock February 22, 2017 04:56 by author Armend

As Joomla site recovery specialists, we're regularly approached for help and see the same Joomla vulnerabilities come up time and again. What's sad is that they are incredibly easy to correct, but once a Joomla site is hacked it comes at considerable cost to get it fixed and secure again.

The Security Issues

#Issue 1: Build it and Forget It
The number one cause of hacked sites is lack of maintenance. It is incredibly simple and doesn't require much investment in time, but most sites get hacked simply because they do not stay up-to-date with the security releases for the Joomla core or its extensions.


The problem stems from the fact that hackers are more and more aggressive and use automated tools to execute attacks at scale. 10 years ago you could leave a site as it was for several years, but these days any open source software, including Joomla, requires maintenance and security patch application.
The web is a wild west and your website needs to stay up-to-date if you're going to keep the desperadoes out.

The fix:

  • Create a schedule for checking for and applying updates.
  • Sign up for notifications from the Joomla vulnerability database and the Joomla core security notification list.

If you're the site builder: make sure and offer your clients some form of maintenance service. Include it on any estimates or proposals you provide them along with the rationale for why it is important.

#Issue 2: Lazy Passwords

If you don't take password security seriously, your site will be hacked. Password guessing is an incredibly common attack because of how often it's successful. No one likes to have to remember difficult passwords but it is essential to security.
Passwords that are simple words with numbers or relatively short are quickly guessed using automated "brute force" attacks.

The fix:

Use long passwords that are nonsensical and use a few special characters, but that you can remember. This works because password length creates complexity which makes using a computer script to guess them difficult so long as there is some variation.
For example: president!Tokyo!furious!zebra
If you're the site builder: make sure and explain to your clients why this is important and provide them with these longer passwords.

#Issue 3: Self Hosting (or Bottom Barrel Hosts)

It's not difficult to get a virtual private server, dedicated server, or even in-house box set up. For some agencies and freelancers its attractive because you can host many sites at a cost savings compared to shared or reseller hosting. However, it's critical that the server environment is set up with the security packages and configured correctly. Additionally, just like for any Joomla website, servers require maintenance in order for the security to remain effective.
Even if your Joomla site is in good shape, if your server is vulnerable, you're going to end up hacked. We get many requests for help from agencies and individuals that have self hosted or chosen bottom barrel hosting providers and ended up in trouble.

The fix:

Either use some form of a managed server or hire a system administrator to regularly audit your server security.

#Issue 4: Poorly Chosen Extensions & Templates

Poorly chosen extensions and templates often create flaws in Joomla security (more on this below.) Here are a couple common scenarios:

  • A site builder needs functionality which is more esoteric and has a hard time finding a solution. They find an extension which fits the need fairly well, but doesn't appear to be of high quality or well-maintained. They install the extension anyways and trust that everything will work out.
  • A site builder tries to save some money by downloading a commercial extension or template from a free scripts website and not the developer (it's not quite pirating because it's open-source, but still unethical because they are sticking the developer by not supporting their work.)

These are scenarios in which not only may holes be being created in the Joomla security, but that the site builder may actively be incorporating malware and other malicious code without realizing it.

The fix:

Use extensions and templates from reputable sources. If you can't find one, either hire a Joomla developer or Joomla development company to create it bespoke or find another solution for the need if you can't afford custom work.
Sometimes it's better to do without then to do with!

#Issue 5: Legacy Directories/Code

For any site that's been on the web for more than a couple years, it's likely that it has accumulated some legacy code. If this code isn't cleaned up, it significantly increases the chances that the site will be compromised. This is because over time more and more vulnerabilities are discovered by hackers.

The 3 most common scenarios:

  • The webmaster or site builder installs an extension, doesn't end up using it, and forgets about it.
  • A Joomla developer working on the site creates a staging or backup directory to test some updates in and once the updates are incorporated in the live site forgets to remove the staging directory from the server.
  • The website uses multiple applications and while one is actively updated the others are neglected. For example, a Joomla site with a WordPress blog that is not updated.

The fix:

  • Once or twice a year audit your Joomla extensions for anything that you're no longer using and uninstall it.
  • Check for and remove any staging or backup directories. Whenever you're finished using a staging directory, make sure you clean it up as a final step.
  • Remember that vulnerabilities can be exposed by any code on your server, so make sure and keep all applications updated with the latest security patches.

What About Joomla Security Holes?

Joomla is developed by veteran developers who are highly aware of the security environment of the Internet and the risks involved. Joomla has a built-in security model to combat common vulnerabilities in web applications. Because of these factors, even though the core application is under an incredibly high level of scrutiny by hackers it rarely has significant security issues and when they are discovered they are patched very quickly.

Security holes are more likely to appear in poorly coded extensions that don't use the Joomla security model due to the inexperience or laziness of the developer. This is why it's critical to be particular when choosing extensions and not haphazardly installing everything that might work.

Joomla Hosting Recommendation

ASPHostPortal.com provides our customers with Plesk Panel, one of the most popular and stable control panels for Windows hosting, as free. You could also see the latest .NET framework, a crazy amount of functionality as well as Large disk space, bandwidth, MSSQL databases and more. All those give people the convenience to build up a powerful site in Windows server. We offers Joomla hosting starts from $1/month only. We also guarantees 30 days money back and guarantee 99.9% uptime. If you need a reliable affordable Joomla Hosting, we should be your best choice.



Joomla Hosting - ASPHostPortal.com :: How To Remove Index.php in Joomla

clock February 8, 2017 05:26 by author Armend

So you setup your Joomla! website, produced it live, as well as a couple of weeks/months/years later realised that you'd forgotten to allow the HTAccess file for SEF URL's. The finish result becoming that as an alternative to obtaining a nice Search Engine (and user) friendly URL like /category/Blogs/post/, you as an alternative have /index.php/category/Blogs/post/.
You may just enable the HTAccess file, but all of the old URL's will return a 404. Not excellent if your web site has currently been indexed by search engines, even significantly less fantastic if you have got a great deal of inbound links on other web sites.

 


It's in fact incredibly straightforward to resolve, and within this post I'll be displaying you the two simple steps you need to take to configure your web site to redirect the old /index.php/* URLs towards the nice SEF ones you would like.

The very first step is easy, we want to allow the HTAccess file (assuming you haven't currently). In the root of one's Joomla! internet site can be a file named htaccess.txt, rename it to .htaccess

Second step: We need to have to add a mod_Rewrite rule to catch the old-style hyperlinks. Open .htaccess inside a text editor and uncover the line "RewriteEngine On". Right away under add the following (lines with a hash are comments, it is possible to skip these if required)

# Make sure the requested URL isn't a file or directory
# Why you'd create a directory called index.php, but best to be sure
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f

# Use a reg-Ex to find URL's where index.php is followed by something.
# If so, create a redirect to whatever followed the slash
RewriteRule ^index.php/(.*)$ /$1 [R=301]

Do not forget to save the file!

Now in the event you visit http://yoursite/index.php/category/Blogs/post/ you should be redirected to http//yoursite/category/Blogs/post/. Due to the fact you are sending a 301 (Permanently moved), the search engines must update their indexes at the same time.

It really is something folks encounter a good deal, but as you'll be able to see it's incredibly straightforward to resolve.

Joomla Hosting Recommendation

ASPHostPortal.com provides our customers with Plesk Panel, one of the most popular and stable control panels for Windows hosting, as free. You could also see the latest .NET framework, a crazy amount of functionality as well as Large disk space, bandwidth, MSSQL databases and more. All those give people the convenience to build up a powerful site in Windows server. We offers Joomla hosting starts from $1/month only. We also guarantees 30 days money back and guarantee 99.9% uptime. If you need a reliable affordable Joomla Hosting, we should be your best choice.



Joomla Hosting - ASPHostPortal.com :: How To Disable Joomla in Home Page

clock February 1, 2017 05:00 by author Armend

In case you are utilizing Joomla CMS dependent web-site and hate overlapping visibility of Joomla components on the website property web page, then you definitely have found the appropriate write-up to receive rid off with this monsters trouble. However, Joomla parts plays a crucial function in improving the practical talents of a web-site, although the overt existence of these equipment can destroy the appears of your enticing website homepage.

 

Step: 1

Develop a new module and set the location as frontcomp:
You need to place below given codes into the index file of your Joomla template.

<?php if($this->countModules(‘frontcomp’)) : ?>
<jdoc:include type=”modul es” name=”frontcomp” style=”xhtml” />
<?php endif; ?>


Step: 2

Now Replace Below Code With Display Component:

<?php if(!$this->countModules(‘frontcomp’)) : ?>
<jdoc:include type=”message” />
<jdoc:include type=”component” />
<?php endif; ?>

Step:3

Creation of Custom Module

It is the third step of your process. Now, you need to create a new and customized HTML module, set the position of module as Frontcomp and select homepage only to display.
That’s it! You have done it fabulously, Now, you can visit your website and check the expected changes. If you did not find overlapping Joomla components at the home page of your website, then you have certainly did a great job.

Best Joomla Hosting

ASPHostPortal.com is the leading provider of Windows hosting and affordable Joomla Hosting. Joomla 3.4 Hosting from ASPHostPortal.com provides a safe, reliable and performance-driven foundation for your Joomla website. Joomla is the perfect Content Management System for managing and developing your website with one of ASPHostPortal’s Hosting plans. ASPHostPortal has ability to support the latest Microsoft and ASP.NET technology, such as: WebMatrix, WebDeploy, Visual Studio 2015, .NET 5/ASP.NET 4.5.2, ASP.NET MVC 6.0/5.2, Silverlight 6 and Visual Studio Lightswitch, ASPHostPortal guarantees the highest quality product, top security, and unshakeable reliability, carefully chose high-quality servers, networking, and infrastructure equipment to ensure the utmost reliability. 



About ASPHostPortal.com

We’re a company that works differently to most. Value is what we output and help our customers achieve, not how much money we put in the bank. It’s not because we are altruistic. It’s based on an even simpler principle. "Do good things, and good things will come to you".

Success for us is something that is continually experienced, not something that is reached. For us it is all about the experience – more than the journey. Life is a continual experience. We see the Internet as being an incredible amplifier to the experience of life for all of us. It can help humanity come together to explode in knowledge exploration and discussion. It is continual enlightenment of new ideas, experiences, and passions

Corporate Address (Location)

ASPHostPortal
170 W 56th Street, Suite 121
New York, NY 10019
United States

Sign in