Joomla Security

Joomla Firewall & Antivirus – A complete protection of your Joomla website.

Updated on: December 15, 2020

Vikas Kundu Vikas Kundu

9 mins read

Joomla Firewall & Antivirus – A complete protection of your Joomla website.

Multiple vulnerabilities have been exposed in Joomla this year. If left unpatched it makes multiple Joomla installations vulnerable around the globe. In the years to come, many more will be exposed. This is just how the cybersecurity world works. However, it doesn’t imply that certain protection measure cannot be taken. The best defense against such threats is a Joomla firewall. At times the firewall can be in the form of Joomla security extensions. When under attack, a Joomla firewall is the first and probably the best line of defense. In a layman’s term if Joomla is your home then the Joomla firewall is the gate protecting it. A Joomla antivirus, on the other hand, can scan your core files for malware. Joomla antivirus can also do periodical scans to remove the infection.

This Blog Includes show

Common Joomla Threats and How Astra Firewall Stops Them:

A cyber attack can prove to be disastrous for your website. Especially if you are a startup. So your business can lose reputation as well as revenue. Organized cybercrime is evolving day by day. New exploits are being created even as you read this article. So the threats could come from anywhere. However, there are certain types of attacks that are common. We shall now take a look at such common attacks and how Astra can help.

Astra Firewall secures your website from all cyber attacks in real-time. Drop us a message on the chat widget and we’d be happy to help you. Get a Joomla firewall & Joomla antivirus now.

1) Joomla SQL Injection

An SQL injection can compromise the database of your site. It occurs when one or more parameters of certain plugins allow unsanitized input. The latest finding of SQLi in Joomla was the component Jimtawl 2.2.7.

http://localhost/[PATH]/index.php?option=com_jimtawl&view=user&task=user.edit&id=[SQL]

Here, the parameterid was vulnerable to error based and statement SQLi. This is just one example, Joomla has suffered from multiple such vulnerabilities this year. To get an overview of how rampant SQLi is, look at the image below.

These are the exploits released this year regarding Joomla SQLi. Some 75+ exploits have been released this year. Many more can be expected in the next couple of months. What is alarming is that these exploits are openly available. So, even script kiddies can use it to attack your Joomla installation!

2) Astra Joomla Firewall: Blocking SQLi

Step1: The Astra Joomla firewall monitors all your HTTP traffic.

Step2: It detects some unusual request generated due to an attacker trying SQLi.

Step3: The Astra Joomla firewall blocks the requests. Thus preventing it from reaching the database. And later on, getting executed.

Step4: Sometimes, the offender IP address uses an automatic tool like Sqlmap. These tools generate multiple requests. Astra Joomla firewall detects a sudden spike in requests and blocks the IP.

Step5: The Astra Joomla antivirus can clean up the stagers uploaded using SQLi.

3) Astra Joomla Firewall: Joomla XSS

Cross-site scripting is basically an attack where a malicious script is injected into the HTML pages. Most often it is a javascript but at times could be HTML. So, the latest XSS in Joomla was dubbed as CVE-2018-12711, which was a reflected XSS. XSS is so common that it makes to list of OWASP top 10 each year. By exploiting an XSS vulnerability, an attacker can:

  • Hijack session data like cookies.
  • Conduct a phishing attack to steal credentials.
  • Redirect web users to a different URL.
  • Hook the web user’s browser. Then user certain tools like BeEF to exploit automatically.
  • In the case of stored XSS, multiple users can be targeted at once.

4) Astra Joomla Firewall: Preventing XSS

The Astra firewall protects Joomla sites against the OWASP top 10 and other 80+ common attacks. So basically it scans the HTTP incoming traffic for code such as:

<body onload=alert('test1')>

<img src="http://url.to.file.which/not.exist" onerror=alert(document.cookie);

http://testsite.test/<script>alert(“TEST”);</script>

All these pieces of code indicate an attacker trying to exploits an XSS. All such requests are blocked by the Astra Joomla firewall. Sometimes the attackers try to hide their code using base64 encode i.e.

<META HTTP-EQUIV="refresh"
CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgndGVzdDMnKTwvc2NyaXB0Pg">

The Joomla Astra firewall has inbuilt capabilities to detect code obfuscation. The request will be blocked as soon this code is detected. The Joomla antivirus can scan for stored XSS. Moreover, in case a new XSS vulnerability is found, Astra automatically patches it. So sit back and relax and let Astra do all the work!

Astra Firewall secures your website from all cyber attacks in real-time. Drop us a message on the chat widget and we’d be happy to help you. Get a Joomla firewall & Joomla antivirus now.

5) Astra Joomla Firewall: Joomla Japanese & Pharma Spam

Spam is the unwanted content or pages that appear on your Joomla site. Hackers conduct large spam campaigns to generate revenue. Spam content often displays ads. However, in some cases, it redirects users to generate clicks. It could be a Pharma spam or the infamous Japanese SEO spam. It is a matter of concern that at times spam pages may not be directly visible to you. However, the search engines can detect it and block your site. To check if your site is infected with Japanese SEO spam, searchsite:[your site root URL] japan. Similarly for pharma spam searchsite:[your site root URL] viagra. As a result of spam, your site may lose most of the traffic. Furthermore, pharma spam displays viagra ads thus affecting your site reputation!

Japanese SEO Spam in Google Search Results
Japanese Keyword Hack in Joomla
SEO spam Joomla
Pharma Hack in Joomla

6) Astra Joomla Firewall: Fighting Spam

  • Firstly, the Joomla Astra firewall notifies you if any changes are made to your site. As soon, a change is made to a webpage, an email is dispatched to the client. This email notifies about the content that has been changed. In case it was not you, then notify Astra.
  • Secondly, Astra checks you site through 66+ blacklist engines every day. In case it notices your site is blacklisted it notifies you. Thus plugging loopholes before your site traffic goes down to zero.
  • Apart from this, Astra provides signup spam prevention too. So, it detects and removes fake signups thus keeping your database clean!

7) Joomla Privilege Escalation

Privilege escalation means accessing the resources not intended for you. At times the Joomla installation may be improperly configured thus granting users to view sensitive files. Other times it could be a bug like CVE-2016-8869, CVE-2016-8869. This was due to a problem withcom_users:user.register. It blocked files containing<?php, or with the extensions.php and.phtml. However, the attacker was free to upload files with<?= and.pht files. The uploaded file could be then used for the second wave of attacks!

8) Astra Joomla Firewall: Checking Permissions

Astra scans your site for any outdated files. It automatically patches any code vulnerable to privilege escalation. Also, the users are notified about any critical updates through e-mails. Moreover, Astra tracks your logins. As soon Astra notices any login anomalies, it blocks the attempt. Thus keeping your admin panel safe all the time. The Astra Joomla antivirus can clean up these shells.

Other Misconfigurations

1) Default Uploads

At time poor configurations allow users to upload the file of their choice i.e. .php, .asp etc. It is typically seen in forums which allow file uploading. Since there is no control over what type of file is uploaded, the attacker can practically own your server!

2) Weak Credentials

Using default or weak credentials can expose your Joomla installation. Avoid using weak or default passwords likeadmin:nimda:password:drowssap. A simple brute-force attack can give away these passwords.

3) Third-party plugins

At times unreputed plugins can cause security issues. Since they are poorly coded, it exposes the Joomla installation to above-mentioned attacks. Use plugins of reputed publishers. Keep plugins up to date!

4) Outdated

At times core Joomla files may be outdated. This is a huge security risk. Much of the attacks can be prevented by keeping an up to date installation.

Consult Astra security experts now to get a Joomla firewall & Joomla antivirus. Our powerful Joomla Antivirus safeguards your website from. XSS, LFI, RFI, SQL Injection, Bad bots, Automated Vulnerability. Scanners, and 80+ security threats. Secure my Joomla website now.

Astra Joomla Firewall: Other Features

1) Uploads Scanning

Astra scans all the files uploaded to your server. So in case, an attacker tries to upload a shell, it is blocked. The Joomla antivirus from Astra scans your core files regularly. The Astra Joomla antivirus also removes them. Later on, the user is notified.

2) Prevent automation

Often, the bots try to streal content from your website. Or sometimes may choke up the bandwidth. This can decrease the speed of your site for genuine users. Moreover, this affects your SEO rank too. Joomla Astra firewall detects and blocks these bad bots. Preventing automatic tools from exploiting your site.

3) Honeypots

Astra is also capable of tricking bad bots and hackers. It’s algorithms detect an attack. It diverts those attackers to honeypots. Which tricks them into believing that your site has been compromised. However, in reality, your site is perfectly safe from prying eyes! Check how Astra blocks auto

4) Joomla Antivirus

Astra also deals with Joomla sites which are already compromised. The Astra Joomla antivirus cleans all kinds of infections. Moreover, the Joomla antivirus can block any reverse shells and sandbox infected files!

5) User-Friendly

What sets Astra Joomla firewall apart is its use to ease. You need not be an expert to use it. Astra is installed as a plugin in your Joomla website. It has a custom built-in Joomla antivirus to clean any infection.

As shown in the image above, Astra is a one-stop solution. It gives a comprehensive overview of attacks stopped every day. Astra is the perfect mixture of automation and human support. Thus, if any point of time you need expert support, it is available. Also, the Astra Joomla firewall works seamlessly with Cloudflare. Moreover, the Astra Joomla antivirus scans your files round the clock.

Take an Astra Demo now!

Tags: , ,

Vikas Kundu

Vikas Kundu

Vikas is a computer science graduate with a keen interest in cybersecurity. Besides programming cool software, he also shares his knowledge on website security on niche blogs. He has written over 150 technical write-ups to date and is still actively writing. In his free time, he can be found playing football.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 Comment
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
Joomla Security Scanner
Joomla Security Scanner
4 years ago

Thanks for sharing this article about astra joomla firewall and antivirus to protect our website.

0
Reply

Related Articles

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include a vulnerability scanner, firewall, malware scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders
Astra Security

We make security simple and hassle-free for thousands of websites & businesses worldwide.

See our glowing reviews on

Pentest

Company

Resources

Services

Made with ❤️ in USA France India Germany

Copyright © 2024 ASTRA IT, Inc. All Rights Reserved.

Privacy Policy Terms of Service Report a vulnerability