UAB Joomla Security Project

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
japatton_uab
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Wed Jan 02, 2008 3:40 pm

UAB Joomla Security Project

Post by japatton_uab » Wed Jan 02, 2008 3:53 pm

Hello all, I'm a Computer Science student at the University of Alabama in Birmingham (UAB).

I'm starting an undergraduate research project on documenting the webserver vulnerabilities most used to create phishing sites on vulnerable servers.  We've found that many phishing servers are exploited via Joomla.  We would like to create some "patch your server" training videos that we could use to help hacked webmasters learn how to fix their servers.

With the new Joomla release, it seems that quite a few such vulnerabilities have been fixed. However, the nature of my project, and the fact that many people are still running from past releases, leads me to ask for the most "buggy" recent version of Joomla available. My question really has two parts:

1) What recent version of Joomla would you say people would still be running that is the most "buggy"?
2) How can I obtain a copy of that version? It seems that only the most recent version (1.5) is readily available.

Thanks for your time.
Last edited by japatton_uab on Fri Jan 11, 2008 8:53 pm, edited 1 time in total.

User avatar
cacimar
Joomla! Intern
Joomla! Intern
Posts: 82
Joined: Sun Aug 28, 2005 10:29 pm
Location: Austin, TX
Contact:

Re: UAB Joomla Security Project

Post by cacimar » Wed Jan 02, 2008 8:03 pm

Searching bugtraq and similar places should give you a good profile of public security knowledge on Joomla and extensions:
http://www.securityfocus.com/swsearch?s ... la&x=0&y=0
--
Rich Vázquez, CISA, CISSP
ImpactNews.com

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9352
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: UAB Joomla Security Project

Post by RussW » Thu Jan 03, 2008 4:19 am

Joomla! is available from the http://joomlacode.org/ site.

Please review the following FAQ's ASAP, you will find a wealth of information related to your queries.

  Security & Performance FAQ


The above mentioned FAQ will provide with more than enough information to assist you in further securing your sites.

Particular entries of note and to pay attention to, are;

  Joomla! Administrator's Security Checklist

  Help! My site's been compromised. Now what?

  Vulnerable Extension List

  Joomla! Tools Suite
  How can I check my Joomla! installation's overall security and health?

  What does Joomla! have to do with file permissions?
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/

japatton_uab
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Wed Jan 02, 2008 3:40 pm

Re: UAB Joomla Security Project

Post by japatton_uab » Fri Jan 11, 2008 8:59 pm

Thanks for you help. Those pages will definitely help me as far as working out a solution. However, my questions were aimed at finding the version of Joomla that most would find to be the most vulnerable, just off the top of your head.

Also, a lot of older versions no longer seem to be available. Is there anywhere that still has something other than the most recent version? The current version won't really help me that much.

Thanks for your time.

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9352
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: UAB Joomla Security Project

Post by RussW » Fri Jan 11, 2008 9:24 pm

At this time, old and outdated versions of Joomla! are not made available, there is little to no reason for this.

Unfortunately, I find myself unable to answer your question, different versions of any software have different bugs and some are more vulnerable on a specific platform or server configuration than others.
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/


Locked

Return to “Security in Joomla! 1.5”