Support

Admin Tools

#9974 Secure Website

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Monday, 25 July 2011 02:02 CDT

Sunday, 24 July 2011 19:27 CDT

user42830
I have a joomla 1.5.23 site which is already online in a few days ago my hosting provider of the disabled for which, according to the site was generating Phishing.

After a few days the site was reopened and set aside from there decided to take precautions and hence acquired Admintoolspro tool and I'm using the latest version 2.1.4.

From this information could tell me what tools I can use to protect my site Admintoolspro in every way.

My computer room has the following characteristics:
Joomla version 1.5.23
PHP Version 5.2.17

Any information will be welcome.

Sunday, 24 July 2011 20:32 CDT

earthrat
I am sure Nicholas will have some words of wisdom for you but don't stop there and consider that your hosting provider may be at the root of your problem.

Monday, 25 July 2011 00:54 CDT

user42830
I've been reviewing the extent of Admintoolspro and I notice he has a section about the security of the site.

Anyone have experience with the configuration of all these categories?

I find the documentation regarding all categories security area Admintoolspro component.

Note: should open a section in Spanish for the Latino community.

I welcome your comments.

Monday, 25 July 2011 02:02 CDT

nicholas
Hello Rodra,

In order to protect your site, you have to first make sure that your site is not compromised to begin with. Following our "Unhacking your site" guide should allow you to do so.

After you ensure that your site is not compromised in any way, it's time to set up Admin Tools Professional. Begin by enabling all Web Application Firewall options (which is the default). Then, use the .htaccess Maker to generate a security-enhancing .htaccess file for your site.

Apart from that, note that security is a process; it is not something that you can set up once and get it over with. At the very least, you have to check that all of your extensions (component, modules, plugins and templates) are up-to-date. You can also check if any of your extensions are in the Vulnerable Extensions List. If they appear there in red, uninstall them at once; red means that the extension is insecure and there is not a known patch for it yet. If they appear in green, it means that you have to upgrade to the latest release, as earlier releases are known to have vulnerabilities. Uninstalling vulnerable extensions is necessary, since Admin Tools can do only so much to protect your site. In some cases, extensions completely bypass your site's index.php files, Admin Tools code doesn't run and you have a gaping security hole. In some other cases, the attack vector may be such that Admin Tools can not block it 100%, leaving a small possibility that your site may be compromised.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!