Recently we have seen a number of attack attempts against Joomla! sites.
We have therefore decided to publish this article. It is no new discovery,
but it brings together information that should help you sleep well. It is
especially important for users who are still running older Joomla! versions
(prior to 1.0.12).
First of all, you should check that your .htaccess file contains the following
rules. They are now part of the Joomla! distribution by default, but that has
not always been the case.
# The rules below need mod_rewrite enabled; Joomla!'s htaccess.txt turns it on
# near the top of the file, so add this line only if it is not already there.
RewriteEngine On
#
########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Answer all blocked requests with a 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits
You should have these rules enabled regardless of whether you are using SEF
components or not.
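To see what these conditions actually catch, and to check your own access log for requests they would have rejected, here is an added example: a small Python script written for this article, not code from Joomla! or JoomSEF. It re-implements the five RewriteCond patterns exactly as they appear above and runs them over a few constructed access-log lines. Keep in mind that Apache tests %{QUERY_STRING} in its raw, still URL-encoded form, which is why the patterns list both "<" and "%3C"; the script therefore also matches the raw query string. The rule labels, the helper names and the sample log lines are ours.

```python
import re

# Re-implementation of the five RewriteCond patterns from the .htaccess block
# above (patterns copied verbatim; the labels are our own). Apache evaluates
# them against the raw, still URL-encoded query string. Only the <script>
# rule carries [NC], so only that one is case-insensitive.
BLOCK_PATTERNS = [
    ("mosConfig override", re.compile(r"mosConfig_[a-zA-Z_]{1,21}(=|\%3D)")),
    ("base64_encode call", re.compile(r"base64_encode.*\(.*\)")),
    ("script tag",         re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS override",   re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST override",  re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]

# Constructed sample lines in Apache combined-log format (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2007:10:00:01 +0100] "GET /index.php?option=com_content&task=view&id=12 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Mar/2007:10:00:02 +0100] "GET /index.php?mosConfig_absolute_path=x HTTP/1.1" 403 200',
    '203.0.113.5 - - [10/Mar/2007:10:00:03 +0100] "GET /index.php?option=com_search&searchword=%3CSCRIPT%3Efoo%3C/script%3E HTTP/1.1" 403 200',
    '203.0.113.5 - - [10/Mar/2007:10:00:04 +0100] "GET /index.php?GLOBALS[foo]=1 HTTP/1.1" 403 200',
    '203.0.113.5 - - [10/Mar/2007:10:00:05 +0100] "GET /index.php?option=com_content&description=javascript HTTP/1.1" 200 4096',
]


def matching_rule(query_string):
    """Return the label of the first RewriteCond that matches, or None.

    RewriteCond performs an unanchored regex search, so re.search is the
    faithful equivalent (re.match would wrongly anchor at the start).
    """
    for label, pattern in BLOCK_PATTERNS:
        if pattern.search(query_string):
            return label
    return None


def would_be_blocked(query_string):
    """True if Apache would answer 403 for this raw query string."""
    return matching_rule(query_string) is not None


def audit_log(lines):
    """Scan access-log lines and return (query, rule) pairs the .htaccess
    rules would reject. Handy to confirm the rules fire, or to see what was
    attempted against a site before they were added."""
    hits = []
    for line in lines:
        # Request field looks like: "GET /index.php?option=com_content HTTP/1.1"
        m = re.search(r'"(?:GET|POST) [^ ?]*\?([^ "]*) HTTP/', line)
        if not m:
            continue  # no query string, nothing for the rules to test
        qs = m.group(1)
        rule = matching_rule(qs)
        if rule:
            hits.append((qs, rule))
    return hits


if __name__ == "__main__":
    for qs, rule in audit_log(SAMPLE_LOG):
        print("blocked by '%s': %s" % (rule, qs))
```

The last sample line shows that a query merely containing the word "script" is not blocked: the pattern requires an opening "<" or "%3C" before it and a closing ">" or "%3E" after it. To audit a real log, pass the file's lines to audit_log() instead of SAMPLE_LOG.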
Now, what does JoomSEF 2.2.2 add to this? The answer is simple.
If you install or upgrade to JoomSEF 2.2.2, your site will be protected
against most known hacks even if the rules above are not included in your
.htaccess file. In any case, we recommend that you do not rely on this alone:
besides upgrading to JoomSEF 2.2.2, also check that the rules are in place,
and add them if they are not.
Best regards,
ARTIO Support Team