I have heard rumors that Joomla and Mambo weren't very safe. Is this true? To make them safe, can the administrator directory be protected with the .htaccess file?
Somebody help.
Mambo and Joomla are as safe as any web software can be. Of course, there has been a lot of trouble in the past (and there might be in the future).
So you have to take care of security updates, and there is no higher risk than with other software.
Makli
Please read this so you can understand.
Joomla (and Mambo) have recently been a big target for hackers and have been exploited a lot. All users who installed Joomla or Mambo are encouraged to update to the latest version as fast as possible and to thoroughly check their files for malicious scripts that might have been uploaded.
Also, please add the following code to your .htaccess file to block out the most common exploits:
Code:
******************************************************
# Begin - Rewrite rules to block out some common exploits
# (needs mod_rewrite; drop the next line if RewriteEngine is already enabled in this file)
RewriteEngine On
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR]
# Block out any script trying to send base64_encode() payloads via the URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in the URL (NC = case-insensitive)
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via the URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via the URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|%[0-9A-Z]{0,2}) [OR]
# Block out any script that tries to set CONFIG_EXT (com_extcal2 issue)
RewriteCond %{QUERY_STRING} CONFIG_EXT(\[|%20|%5B).*= [NC,OR]
# Block out any script that tries to set sbp or sb_authorname via the URL (simpleboard)
RewriteCond %{QUERY_STRING} sbp(=|%20|%3D) [OR]
RewriteCond %{QUERY_STRING} sb_authorname(=|%20|%3D)
# Answer every request matching one of the conditions above with 403 Forbidden
# (with the F flag the index.php target is never served, the request is just refused)
RewriteRule ^(.*)$ index.php [F,L]
#
# End - Rewrite rules to block out some common exploits
*****************************************************
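Before putting a rule set like this live it is worth checking offline which requests it blocks and, just as importantly, which ordinary Joomla requests it leaves alone. The following added example (not code from the post above) mirrors each RewriteCond regex in Python and runs it over constructed sample request paths; it assumes Python's re module behaves like Apache's PCRE for these simple patterns, and the sample paths and rule names are made up for the test.

```python
import re
from urllib.parse import urlsplit

# Added example, not code from the forum post: each regex mirrors one
# RewriteCond of the .htaccess snippet above. Apache evaluates RewriteCond
# on the raw, still percent-encoded QUERY_STRING, so the patterns are
# applied to the undecoded query here as well.
BLOCK_RULES = [
    ("mosConfig override", re.compile(r"mosConfig_[a-zA-Z_]{1,21}(=|%3D)")),
    ("base64_encode call", re.compile(r"base64_encode.*\(.*\)")),
    ("script tag", re.compile(r"(<|%3C).*script.*(>|%3E)", re.IGNORECASE)),  # [NC]
    ("GLOBALS override", re.compile(r"GLOBALS(=|\[|%[0-9A-Z]{0,2})")),
    ("_REQUEST override", re.compile(r"_REQUEST(=|\[|%[0-9A-Z]{0,2})")),
    ("CONFIG_EXT override", re.compile(r"CONFIG_EXT(\[|%20|%5B).*=", re.IGNORECASE)),
    ("simpleboard sbp", re.compile(r"sbp(=|%20|%3D)")),
    ("simpleboard sb_authorname", re.compile(r"sb_authorname(=|%20|%3D)")),
]


def blocked_by(request_path):
    """Names of the rules whose regex matches the query string of request_path.

    An empty list means the .htaccess rules would pass the request through.
    Only the part after '?' is examined, like Apache's %{QUERY_STRING}.
    """
    query = urlsplit(request_path).query
    return [name for name, rx in BLOCK_RULES if rx.search(query)]


# Constructed sample request paths with the rule names each one should trip.
# The first two are ordinary Joomla page requests that must stay unblocked
# (the word "script" alone in a search term does not match the rule).
SAMPLES = {
    "/index.php?option=com_content&task=view&id=12&Itemid=2": [],
    "/index.php?option=com_search&searchword=javascript+tutorial": [],
    "/index.php?mosConfig_foo=1": ["mosConfig override"],
    "/index.php?option=com_content&GLOBALS[foo]=1": ["GLOBALS override"],
    "/index.php?q=%3Cscript%3Etest%3C/script%3E": ["script tag"],
    "/index.php?option=com_simpleboard&sbp=something": ["simpleboard sbp"],
}


def mismatches():
    """Sample paths whose blocked_by() result differs from the expected rule list."""
    return [p for p, expected in SAMPLES.items() if blocked_by(p) != expected]


if __name__ == "__main__":
    for path in SAMPLES:
        print(path, "->", blocked_by(path) or "allowed")
    print("all samples behave as expected" if not mismatches() else "MISMATCH")
```

Feeding real paths from your access log into blocked_by() is a quick way to spot legitimate requests that the rules would refuse.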