
STONYISLAND.RU
Website Audit, Vulnerabilities and Recommendations

• Old and outdated extensions installed: This is the most common reason behind a hacked Joomla website. Always keep all extensions up to date, and if you're using an extension that is no longer supported, try to find an alternative. If there is none, have a developer review that extension to ensure it has no vulnerabilities. There are a few outdated ones, such as JoomShopping, that create loopholes for hackers.

• SSL certificate (HTTPS) is not enforced: HTTPS should be enforced whenever anyone opens a non-secure URL.

• Get up to date, stay up to date: All themes, modules and plugins should be up to date.

• Enhance the security of sensitive files such as .htaccess, configuration.php, etc.

• Enhance the security of FTP credentials and database users.

• Check your server logs for IPs calling suspicious files or attempting POST commands to non-forms.

• Protect against brute force: Consider adding a bot block list to your .htaccess file.

• Delete all unused modules and plugins.

• Do not enable or use anonymous FTP accounts for any reason.

• If you are using a nulled theme, get a legal, paid version instead, because nulled themes contain malicious code.

• Clean up a code injection attack if you notice strange behavior from your pages, or if you see injected keywords or other types of spam in your content.

How to clean up a code injection attack:
https://www.inmotionhosting.com/support/website/hacks/clean-up-code-injection-attack

• Check your PHP version to make sure it is secure.

Stonyisland is running on PHP version 5.4.16, which is extremely outdated and hence vulnerable.
https://www.cvedetails.com/version/149817/PHP-PHP-5.4.16.html

Currently supported PHP versions
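
The log check recommended in the list above (IPs calling suspicious files or attempting POSTs to non-forms) can be scripted. The sketch below is an added example, not part of the original audit; the allow-list of form endpoints, the list of static directories, the reason labels and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumption: on this site, forms only POST to Joomla's two entry points.
FORM_ENDPOINTS = {"/index.php", "/administrator/index.php"}
# Assumption: these directories hold uploads/temp files, never PHP that visitors call.
STATIC_DIRS = ("/images/", "/media/", "/tmp/", "/cache/")

# Apache/nginx "combined" format: ip ident user [time] "METHOD url PROTO" ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*"')

def classify(method, url):
    """Return the reasons (possibly none) why one request looks suspicious."""
    # Drop the query string, decode %xx, collapse // and ignore case before matching.
    path = re.sub(r"/+", "/", unquote(url.split("?", 1)[0])).lower()
    reasons = []
    if path.endswith(".php") and path.startswith(STATIC_DIRS):
        reasons.append("php-in-static-dir")
    if method == "POST" and path not in FORM_ENDPOINTS:
        reasons.append("post-to-non-form")
    return reasons

def scan(lines):
    """Count suspicious requests per client IP: {ip: {reason: hits}}."""
    findings = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        for reason in classify(m["method"], m["url"]):
            findings[m["ip"]][reason] += 1
    return {ip: dict(counts) for ip, counts in findings.items()}

# Constructed sample lines (documentation IP ranges), not taken from the audited site.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2019:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 8123 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Mar/2019:10:00:09 +0000] "POST /index.php?option=com_users&task=user.login HTTP/1.1" 303 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2019:10:01:02 +0000] "POST /images/stories/up.php HTTP/1.1" 200 512 "-" "curl/7.58.0"',
    '203.0.113.7 - - [12/Mar/2019:10:01:05 +0000] "GET /images/stories/up.php?x=1 HTTP/1.1" 200 97 "-" "curl/7.58.0"',
    '198.51.100.23 - - [12/Mar/2019:10:02:11 +0000] "POST /templates/site/error.php HTTP/1.1" 404 210 "-" "-"',
    '198.51.100.23 - - [12/Mar/2019:10:02:12 +0000] "POST /media/logo.png HTTP/1.1" 405 0 "-" "-"',
    'this line is not in combined log format',
]

if __name__ == "__main__":
    for ip, counts in sorted(scan(SAMPLE_LOG).items()):
        print(ip, counts)
```

If the site uses search-engine-friendly URLs, its forms post to more paths than these two, so extend `FORM_ENDPOINTS` before relying on the `post-to-non-form` count.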

Conclusion:

So, there are two possible solutions to this problem statement. As far as my findings go, the main reason is outdated stuff (theme, extensions, modules, etc.). Enhance the security by making a checklist of the above-mentioned points. https://forum.joomla.org/viewtopic.php?f=621&t=582854

Everything should be up to date while using Joomla or any other CMS, or it creates loopholes. The second solution would be to create a custom portal using a secure PHP framework like Laravel to eliminate the above-mentioned risks.
