Joomla! Discussion Forums

What most frightened is "deface". How to make a joomla site avoid this kind of attack ? What are the check lists to do ?

Thanks for advice

security checklist is good starting point http://docs.joomla.org/Joomla!_Administrators_Security_Checklist

read the above list and/or pull the cable from your server's nic card. Dont look for specific answers. Everyone has a different opinion. Understand how script kidd0z work and how to counter them. Read books about web app security and server configuration to prevent sqli, rfi, xss etc. If i tell you to install modsecurity, mod_suphp, edit php.ini, run sef, edit robots.txt etc etc etc you will come with a whole lot more questions. There is no substitute for working experience. If you want to be secure 98% hire a pro. I personally know how this brainless losers work (script kidd0z) and I analyze most of their tools so I am not really worried. I am always learning though, Its impossible to know everything.

from my personal experience :
this is a method which is already listed in security checklist but worked really well for me :
" just put all your critical files outside of public_html folder "
eg: you create a folder "secure" outside of public_html folder , then you place important files such as configuration.php etc in it , then by using require once you call these files from inside public_html folder , so what happens is that your main files wot get touched by outsiders be it hacker or someone else and still they will work they used to
hope it helps

Other tips for increase security :
- http://docs.joomla.org/Category:Security_Checklist
- viewtopic.php?f=432&t=335090
- viewtopic.php?f=432&t=391251

Also you may want to look at this as well.

http://www.modsecurity.org/index.html

I use a captcha (captchaconnector) with a survey.