
How can I secure my site from hacking attempts?

Keeping up to date with our extension updates is the best way to ensure you have all the latest bug fixes and security fixes.

If you are using Mosets Tree 1.50 - 1.58, please upgrade to 1.59 or the latest release from the 2.0.x series. Additionally, make sure the following two settings are disabled:

  • Joomla! Register Globals Emulation: OFF
  • Register Globals: OFF

You can check these settings in your site's back-end under System > System Info.

There is also a set of mod_rewrite rules in Joomla's .htaccess file (renamed from htaccess.txt) that will block many of the common exploits used to attack your Joomla website. To activate these rules, rename htaccess.txt to .htaccess and make sure the last section of the file looks like this:

########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits
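
To check what this section rejects before relying on it, the following added example (not part of the original Mosets or Joomla material) parses the block above and evaluates raw query strings against it. The helper names and sample query strings are constructed for illustration; it assumes the conditions guard a single [F] rule and uses Python's re module as a stand-in for Apache's regex engine.

```python
import re
# The section shown above, embedded (comments omitted) so this runs offline.
HTACCESS = r"""
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
"""

COND = re.compile(r"^\s*RewriteCond\s+%\{QUERY_STRING\}\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$")
RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+\S+\s+\[([^\]]*)\]\s*$")

def flags_of(text):
    return {f.strip().upper() for f in (text or "").split(",")}

def load_block(htaccess_text):
    """Return [(compiled_regex, has_or_flag)] for the active conditions that
    guard the first RewriteRule carrying the F (403 Forbidden) flag."""
    conds = []
    for line in htaccess_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # comments and blank lines are inert
        m = COND.match(line)
        if m:
            flags = flags_of(m.group(2))
            conds.append((re.compile(m.group(1), re.I if "NC" in flags else 0),
                          "OR" in flags))
            continue
        m = RULE.match(line)
        if m and "F" in flags_of(m.group(1)):
            return conds
        conds = []                        # any other directive ends the run
    return []

def is_blocked(conds, raw_query):
    """Test the raw (still URL-encoded) query string, as %{QUERY_STRING} holds
    it. [OR]-chained conditions form one group; groups are ANDed together."""
    group = False
    for rx, has_or in conds:
        group = group or bool(rx.search(raw_query))
        if not has_or:                    # end of an [OR] chain
            if not group:
                return False
            group = False
    return bool(conds)                    # no active conditions: nothing blocked

RULES = load_block(HTACCESS)
```

A benign query such as `q=GLOBALS%20in%20PHP` is rejected too, so run your site's legitimate URLs through `is_blocked` before enabling the section. If the rules are commented out in the file, `load_block` returns an empty list and nothing is blocked.
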

Below is a list of recommended reading on Joomla's security:

Copyright © 2014 Mosets. All rights reserved.