The Joomla! Forum ™



 Post subject: To be on the safe side
Posted: Sun Jul 23, 2006 3:23 pm
I want to thank all Joomla! developers for their time and effort. I returned from my holiday last Sunday and spent a couple of days patching the 5 Joomla! sites under my supervision to 1.10.0. No harm was done to them during my absence because they are not indexed by search-engines. :)

I suggest 4 steps to be as safe as possible:

1. Keep close track of Joomla! patches, this goes for every component/module/bot you plugged into Joomla! as well.

2. CHMOD all directories and files according to the advised settings. Tightens security to the required level.

3. Running on Apache look into the .htaccess file. There is a thread on this forum about this file and it is useful to help you keep the vultures out.

4. Consider the need of being listed in search-engines ... do you really need to be indexed? Since we give Joomla! the credits it deserves we keep the Joomla meta-tag in the header ... giving away the engine identity when indexed by the search-bots. The scriptkiddies out there just perform a search on Yahoo or whatever and get a nice list of Joomla! sites to go to. Makes ya think, does it not? If you really need the search-engines I suggest you disallow the bots indexing your Joomla! directory and instead make a forwarder index.html in the root with the meta-tags you want to be indexed.

Since English is not my native tongue I hope I made sense, if not, please let me know.

_________________
Jan  van Vugt - Europe - Project Mercenary
The code is more what you'd call "guidelines" than actual rules.


Posted: Tue Jul 25, 2006 6:56 pm
Murgen wrote:
4. Consider the need of being listed in search-engines ... do you really need to be indexed? Since we give Joomla! the credits it deserves we keep the Joomla meta-tag in the header ... giving away the engine identity when indexed by the search-bots. The scriptkiddies out there just perform a search on Yahoo or whatever and get a nice list of Joomla! sites to go to. Makes ya think, does it not? If you really need the search-engines I suggest you disallow the bots indexing your Joomla! directory and instead make a forwarder index.html in the root with the meta-tags you want to be indexed.


You made perfect sense! Thank you for this advice!!
Can you provide any instruction on setting up a bot forwarder for meta-tags? Also, some Joomla sites have various sections and the cool thing about Joomla is that the keywords can be different depending on the page (content item). Too many keywords in a meta list would cause search engines to lower your listing qualifications...

_________________
Thanks!
Aaron


Posted: Wed Jul 26, 2006 9:01 am
I'm not the expert here but I use 2 files and place them in the root of my webspace (running Apache):

The first is a robot.txt, which is merely an instruction for search-bots.

robot.txt
Quote:
User-Agent: *
Disallow: /


Or more specific for certain bots (but there are so many nowadays):
robot.txt
Quote:
User-agent: Googlebot
Disallow: /

User-Agent: Scooter-3.2.FNR
Disallow: /

User-Agent: ia_archiver
Disallow: /


The second file is the famous .htaccess file which I consider as the first entry to my cybercastle ... Thanks to this forum my .htaccess has 3 chapters. The first locks all subdirectories, only the root can be indexed. The second part is a security-part, it defines the rewrite rules and is the second gate in my cybercastle. The 3rd part solves a problem with quotes causing trailing slashes:

.htaccess
Quote:

order deny,allow
deny from all


########## Begin - Rewrite rules to block out some common exploits
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a
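
An added example, not part of the posts above: a small Python log scanner that applies the two RewriteCond query-string patterns quoted in the last post to Apache access-log lines, so you can see which past requests the rules would have flagged. The log lines, rule names and function names are constructed for illustration; the scanner also checks the percent-decoded query string, which goes beyond the rules as posted.

```python
import re
from urllib.parse import unquote

# The two query-string patterns from the RewriteCond lines quoted above.
RULES = {
    "mosConfig_override": re.compile(r"mosConfig_[a-zA-Z_]{1,21}(=|%3D)"),
    "base64_encode_call": re.compile(r"base64_encode.*\(.*\)"),
}

# Request line inside an Apache common/combined log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
192.0.2.10 - - [23/Jul/2006:15:23:01 +0200] "GET /index.php?option=com_content&task=view&id=5 HTTP/1.1" 200 5120
198.51.100.7 - - [23/Jul/2006:15:24:12 +0200] "GET /index.php?mosConfig_absolute_path=http://example.invalid/ HTTP/1.1" 200 311
198.51.100.7 - - [23/Jul/2006:15:24:15 +0200] "GET /index.php?mosConfig_live_site%3Dhttp://example.invalid/ HTTP/1.1" 200 311
203.0.113.44 - - [23/Jul/2006:15:30:40 +0200] "GET /index.php?x=base64_encode%28test%29 HTTP/1.1" 200 298
192.0.2.10 - - [23/Jul/2006:15:31:02 +0200] "GET /images/logo.png HTTP/1.1" 200 2048
"""


def match_rules(query):
    """Return names of rules matching the raw or percent-decoded query string."""
    candidates = (query, unquote(query))  # raw form is what %{QUERY_STRING} holds
    return sorted(name for name, rx in RULES.items()
                  if any(rx.search(c) for c in candidates))


def scan(log_text):
    """Return a list of (client_ip, query, matched_rules) for flagged requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.search(line)
        if not m or "?" not in m.group("target"):
            continue  # unparseable line or request without a query string
        query = m.group("target").split("?", 1)[1]
        matched = match_rules(query)
        if matched:
            hits.append((line.split(" ", 1)[0], query, matched))
    return hits


if __name__ == "__main__":
    for ip, query, rules in scan(SAMPLE_LOG):
        print(f"{ip}  {','.join(rules)}  {query}")
```

To run it against a real log, pass the file's contents to `scan()` in place of `SAMPLE_LOG`.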

