Joomla Firewall & Joomla antivirus

Importance of a Joomla Firewall & Antivirus

Multiple vulnerabilities have been exposed in Joomla this year. Left unpatched, they make Joomla installations around the globe vulnerable. In the years to come, many more will be exposed. This is just how the cybersecurity world works. However, that doesn’t mean protective measures cannot be taken. The best defense against such threats is a Joomla firewall. At times the firewall takes the form of Joomla security extensions. When under attack, a Joomla firewall is the first and probably the best line of defense. In layman’s terms, if Joomla is your home, then the Joomla firewall is the gate protecting it. A Joomla antivirus, on the other hand, can scan your core files for malware. It can also run periodic scans to remove infections.

Common Joomla Threats and How Astra Firewall Stops Them:

A cyber attack can prove disastrous for your website, especially if you are a startup: your business can lose reputation as well as revenue. Organized cybercrime is evolving day by day. New exploits are being created even as you read this article, so threats could come from anywhere. However, certain types of attacks are common. We shall now take a look at these common attacks and how Astra can help.

Astra Firewall secures your website from all cyber attacks in real-time. Drop us a message on the chat widget and we’d be happy to help you. Get a Joomla firewall & Joomla antivirus now.

1) Joomla SQL Injection

An SQL injection can compromise the database of your site. It occurs when one or more parameters of certain plugins allow unsanitized input. The latest SQLi finding in Joomla was in the component Jimtawl 2.2.7.

http://localhost/[PATH]/index.php?option=com_jimtawl&view=user&task=user.edit&id=[SQL]

Here, the parameter id was vulnerable to error-based and statement SQLi. This is just one example; Joomla has suffered from multiple such vulnerabilities this year. To get an overview of how rampant SQLi is, look at the image below.

These are the exploits released this year regarding Joomla SQLi. Some 75+ exploits have been released this year. Many more can be expected in the next couple of months. What is alarming is that these exploits are openly available. So, even script kiddies can use them to attack your Joomla installation!

2) Astra Joomla Firewall: Blocking SQLi

Step 1: The Astra Joomla firewall monitors all your HTTP traffic.

Step 2: It detects unusual requests generated by an attacker trying SQLi.

Step 3: The Astra Joomla firewall blocks the requests, preventing them from reaching the database and being executed.

Step 4: Sometimes, the offending IP address uses an automated tool like Sqlmap. These tools generate multiple requests. The Astra Joomla firewall detects a sudden spike in requests and blocks the IP.

Step 5: The Astra Joomla antivirus can clean up the stagers uploaded using SQLi.
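The flow in Steps 1 to 4, as an added Python sketch that is not Astra's code: a signature check on each decoded query value, plus a sliding-window request counter per IP. The patterns, thresholds, IP addresses and sample requests are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from urllib.parse import urlsplit, parse_qs

# Assumed, deliberately small signature set; a production WAF uses far more.
SQLI_PATTERNS = [
    re.compile(r"(?i)\bunion\b.+\bselect\b"),
    re.compile(r"(?i)\b(or|and)\b\s+\d+\s*=\s*\d+"),
    re.compile(r"['\"]\s*(--|#|;)"),
]
WINDOW_SECONDS = 10   # assumed sliding window
MAX_REQUESTS = 5      # assumed per-IP budget inside the window


class RequestFilter:
    def __init__(self):
        self.history = defaultdict(deque)  # ip -> recent request timestamps
        self.blocked_ips = set()

    def check(self, ip, url, now):
        """Return 'block-ip', 'block-request' or 'allow' for one request."""
        if ip in self.blocked_ips:
            return "block-ip"
        # Step 4: a burst from one address trips the sliding-window counter.
        stamps = self.history[ip]
        stamps.append(now)
        while now - stamps[0] > WINDOW_SECONDS:
            stamps.popleft()
        if len(stamps) > MAX_REQUESTS:
            self.blocked_ips.add(ip)
            return "block-ip"
        # Steps 2-3: inspect each decoded query value before the app sees it.
        query = parse_qs(urlsplit(url).query, keep_blank_values=True)
        for value in (v for values in query.values() for v in values):
            if any(p.search(value) for p in SQLI_PATTERNS):
                return "block-request"
        return "allow"


def replay(requests):
    """Run (ip, url, time) tuples through a fresh filter; return the verdicts."""
    waf = RequestFilter()
    return [waf.check(ip, url, t) for ip, url, t in requests]


BASE = "http://localhost/index.php?option=com_jimtawl&view=user&task=user.edit&id="
# Constructed traffic: a normal edit, one injection probe, then a 7-request burst.
SAMPLE = [("198.51.100.7", BASE + "42", 0.0),
          ("203.0.113.9", BASE + "1%27%20OR%201%3D1--%20", 1.0)]
SAMPLE += [("192.0.2.50", BASE + str(i), 2.0 + i * 0.1) for i in range(7)]
```

Calling replay(SAMPLE) returns one verdict per constructed request, in order. Signature matching of this kind only reduces exposure; the vulnerable parameter still has to be fixed in the component itself.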

3) Astra Joomla Firewall: Joomla XSS

Cross-site scripting is basically an attack where a malicious script is injected into HTML pages. Most often it is JavaScript, but at times it could be HTML. The latest XSS in Joomla was dubbed CVE-2018-12711, which was a reflected XSS. XSS is so common that it makes the OWASP top 10 list each year. By exploiting an XSS vulnerability, an attacker can:

  • Hijack session data like cookies.
  • Conduct a phishing attack to steal credentials.
  • Redirect web users to a different URL.
  • Hook the web user’s browser, then use certain tools like BeEF to exploit it automatically.
  • In the case of stored XSS, multiple users can be targeted at once.

4) Astra Joomla Firewall: Preventing XSS

The Astra firewall protects Joomla sites against the OWASP top 10 and 80+ other common attacks. So basically it scans the incoming HTTP traffic for code such as:

<body onload=alert('test1')>

<img src="http://url.to.file.which/not.exist" onerror=alert(document.cookie);>

http://testsite.test/<script>alert("TEST");</script>

All these pieces of code indicate an attacker trying to exploit an XSS. All such requests are blocked by the Astra Joomla firewall. Sometimes attackers try to hide their code using base64 encoding, e.g.:

<META HTTP-EQUIV="refresh"
CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgndGVzdDMnKTwvc2NyaXB0Pg">

The Joomla Astra firewall has inbuilt capabilities to detect code obfuscation. The request will be blocked as soon as this code is detected. The Joomla antivirus can scan for stored XSS. Moreover, in case a new XSS vulnerability is found, Astra automatically patches it. So sit back and relax and let Astra do all the work!
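How a request filter can see through the base64 wrapper shown above, as an added Python example that is not Astra's implementation: each input is inspected raw, URL-decoded, HTML-unescaped and with any base64 data: URI body decoded. The signature list and the two benign inputs are constructed assumptions.

```python
import base64
import binascii
import html
import re
from urllib.parse import unquote

# Assumed minimal signatures; a production rule set is far larger.
XSS_PATTERNS = [
    re.compile(r"(?i)<\s*script\b"),              # script tag
    re.compile(r"(?i)<[^>]*\son[a-z]+\s*="),      # inline event handler in a tag
    re.compile(r"(?i)javascript\s*:"),            # javascript: URL
]
DATA_URI_B64 = re.compile(r"(?i)data:[^,;]*;base64,([A-Za-z0-9+/=]+)")


def decode_layers(text):
    """Return the input plus every decoded view a filter should also inspect."""
    views = [text, unquote(text), html.unescape(unquote(text))]
    for view in list(views):
        for blob in DATA_URI_B64.findall(view):
            padded = blob + "=" * (-len(blob) % 4)   # payloads often drop padding
            try:
                raw = base64.b64decode(padded)
            except (binascii.Error, ValueError):
                continue                             # not base64: nothing hidden
            views.append(raw.decode("utf-8", "replace"))
    return views


def is_xss(text):
    """True if any view of the request text matches an XSS signature."""
    return any(p.search(v) for v in decode_layers(text) for p in XSS_PATTERNS)


# The four request fragments quoted on this page, then two constructed benign inputs.
PAGE_SAMPLES = [
    "<body onload=alert('test1')>",
    '<img src="http://url.to.file.which/not.exist" onerror=alert(document.cookie);>',
    'http://testsite.test/<script>alert("TEST");</script>',
    '<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,'
    'PHNjcmlwdD5hbGVydCgndGVzdDMnKTwvc2NyaXB0Pg">',
]
BENIGN_SAMPLES = [
    "index.php?option=com_content&view=article&id=7",
    "data:image/png;base64,iVBORw0KGgo=",
]
```

The META sample matches no signature until its data: URI body is decoded, which is why the decoding pass runs before matching.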


5) Astra Joomla Firewall: Joomla Japanese & Pharma Spam

Spam is the unwanted content or pages that appear on your Joomla site. Hackers conduct large spam campaigns to generate revenue. Spam content often displays ads. However, in some cases, it redirects users to generate clicks. It could be pharma spam or the infamous Japanese SEO spam. It is a matter of concern that at times spam pages may not be directly visible to you. However, search engines can detect them and block your site. To check if your site is infected with Japanese SEO spam, search site:[your site root URL] japan. Similarly, for pharma spam, search site:[your site root URL] viagra. As a result of spam, your site may lose most of its traffic. Furthermore, pharma spam displays viagra ads, thus affecting your site’s reputation!

[Image: Japanese SEO spam in Google search results. Caption: Japanese Keyword Hack in Joomla]

[Image: SEO spam in Joomla. Caption: Pharma Hack in Joomla]

6) Astra Joomla Firewall: Fighting Spam

  • Firstly, the Joomla Astra firewall notifies you if any changes are made to your site. As soon as a change is made to a webpage, an email is dispatched to the client. This email describes the content that has been changed. In case it was not you, notify Astra.
  • Secondly, Astra checks your site against 66+ blacklist engines every day. In case it notices your site is blacklisted, it notifies you, so loopholes can be plugged before your site traffic goes down to zero.
  • Apart from this, Astra provides signup spam prevention too. So, it detects and removes fake signups thus keeping your database clean!

7) Joomla Privilege Escalation

Privilege escalation means accessing resources not intended for you. At times the Joomla installation may be improperly configured, allowing users to view sensitive files. Other times it could be a bug like CVE-2016-8869. This was due to a problem with com_users:user.register. It blocked files containing <?php, or with the extensions .php and .phtml. However, the attacker was free to upload files with <?= and .pht files. The uploaded file could then be used for a second wave of attacks!
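The filter behaviour described above, set beside an allowlist check, as an added Python example that is not Joomla's code: the function names, the allowed extension set and the sample uploads are constructed assumptions.

```python
import os

BLOCKED_EXTENSIONS = {".php", ".phtml"}            # the blocklist described above
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".pdf"}   # assumed policy
PHP_OPEN_TAGS = (b"<?php", b"<?=")                 # full and short-echo open tags


def blocklist_accepts(filename, content):
    """The flawed check: reject only .php/.phtml names and '<?php' content."""
    ext = os.path.splitext(filename.lower())[1]
    return ext not in BLOCKED_EXTENSIONS and b"<?php" not in content.lower()


def allowlist_accepts(filename, content):
    """Accept only a single allowlisted extension and no PHP open tag at all."""
    name = os.path.basename(filename).lower().rstrip(". ")
    stem, ext = os.path.splitext(name)
    if ext not in ALLOWED_EXTENSIONS or "." in stem:
        return False    # unknown type, or stacked extensions such as x.php.jpg
    return not any(tag in content.lower() for tag in PHP_OPEN_TAGS)


def compare(uploads):
    """Return (filename, blocklist verdict, allowlist verdict) per upload."""
    return [(n, blocklist_accepts(n, c), allowlist_accepts(n, c)) for n, c in uploads]


# Constructed uploads; file contents are harmless placeholders.
UPLOADS = [
    ("avatar.png", b"\x89PNG\r\n\x1a\n"),
    ("page.php", b"<?php echo 'hello'; ?>"),
    ("page.pht", b"<?= 'hello' ?>"),
    ("page.php.jpg", b"<?= 'hello' ?>"),
]
```

A blocklist has to anticipate every executable extension and tag form, while an allowlist rejects anything it was not told about. Serving uploads from a directory where PHP execution is disabled is the complementary control.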

8) Astra Joomla Firewall: Checking Permissions

Astra scans your site for any outdated files. It automatically patches any code vulnerable to privilege escalation. Also, users are notified about any critical updates through e-mails. Moreover, Astra tracks your logins. As soon as Astra notices any login anomalies, it blocks the attempt, thus keeping your admin panel safe all the time. The Astra Joomla antivirus can clean up these shells.

Other Misconfigurations

1) Default Uploads

At times poor configurations allow users to upload any file of their choice, e.g. .php, .asp etc. This is typically seen in forums which allow file uploading. Since there is no control over what type of file is uploaded, the attacker can practically own your server!

2) Weak Credentials

Using default or weak credentials can expose your Joomla installation. Avoid using weak or default passwords like admin:nimda:password:drowssap. A simple brute-force attack can give away these passwords.

3) Third-party plugins

At times plugins from disreputable publishers can cause security issues. Since they are poorly coded, they expose the Joomla installation to the above-mentioned attacks. Use plugins from reputed publishers. Keep plugins up to date!

4) Outdated

At times core Joomla files may be outdated. This is a huge security risk. Many of the attacks can be prevented by keeping an up-to-date installation.

Consult Astra security experts now to get a Joomla firewall & Joomla antivirus. Our powerful Joomla Antivirus safeguards your website from XSS, LFI, RFI, SQL Injection, Bad bots, Automated Vulnerability Scanners, and 80+ security threats. Secure my Joomla website now.

Astra Joomla Firewall: Other Features

1) Uploads Scanning

Astra scans all the files uploaded to your server. So in case an attacker tries to upload a shell, it is blocked. The Joomla antivirus from Astra scans your core files regularly. The Astra Joomla antivirus also removes them. Later on, the user is notified.

2) Prevent automation

Often, bots try to steal content from your website, or sometimes choke up the bandwidth. This can decrease the speed of your site for genuine users. Moreover, this affects your SEO rank too. The Joomla Astra firewall detects and blocks these bad bots, preventing automated tools from exploiting your site.

3) Honeypots

Astra is also capable of tricking bad bots and hackers. Its algorithms detect an attack and divert the attackers to honeypots, which trick them into believing that your site has been compromised. However, in reality, your site is perfectly safe from prying eyes! Check how Astra blocks auto

4) Joomla Antivirus

Astra also deals with Joomla sites which are already compromised. The Astra Joomla antivirus cleans all kinds of infections. Moreover, the Joomla antivirus can block any reverse shells and sandbox infected files!

5) User-Friendly

What sets the Astra Joomla firewall apart is its ease of use. You need not be an expert to use it. Astra is installed as a plugin in your Joomla website. It has a custom built-in Joomla antivirus to clean any infection.

As shown in the image above, Astra is a one-stop solution. It gives a comprehensive overview of attacks stopped every day. Astra is the perfect mixture of automation and human support. Thus, if at any point in time you need expert support, it is available. Also, the Astra Joomla firewall works seamlessly with Cloudflare. Moreover, the Astra Joomla antivirus scans your files round the clock.

Take an Astra Demo now!


About The Author

A computer nerd. Loves working with Sqlmap and BeEF (the software) ;) Has experience in wireless pen tests. Owns a chatbot on Pandorabots named Mark1. In free time he can be found saving some goals.
