How do I provide a secure setup for users on my server?

Discussion regarding Joomla! 2.5 security issues.

Moderators: Bernard T, mandville, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant / FPA - If you are serious about wanting help, you will use this tool to help you post.
Locked
NotACircular
Joomla! Apprentice
Joomla! Apprentice
Posts: 24
Joined: Tue Aug 04, 2009 9:35 am

How do I provide a secure setup for users on my server?

Post by NotACircular » Tue Sep 13, 2011 10:51 am

I've seen lots on the web about this, but most of it looks wrong. I've got a dedicated Linux server, and I'm running Joomla 1.7 on it. This is, I think, pretty secure (but I'm not a security expert): all the site files are owned by root, with group wheel (although configuration.php is root:root), most files have mode 644, directories have mode 755.

Here's the problem: I'm not much good at websites, and I've got a friend doing my Joomla stuff. He needs access to the site that he can't get from the admin login, to change, add, and remove files. His own background is Windows, he doesn't want to learn any Linux, and he would prefer to have "regular" ftp access to the site.

How do I handle this? This is much the same problem that an admin would have setting up Joomla in a shared hosting environment. I don't want to give him root access, because he's not familiar with Linux, and could screw the system. On the other hand, he must have root access to modify the Joomla distribution. Some possible answers are:

1 - I could set up a chroot jail for him, and give him root access, but there must be an easier way

2 - give him root ftp access, and try to fix the ftp server to limit root access (I think pureftp/whatever may do this?)

3 - give him his own set of Joomla files, in his home directory, which he can modify without root access. This is presumably what happens in hosting environments. But, if I do this, how do I make it secure, and does it require config changes in Apache? This is also inconvenient, since I have to copy his changes through to the main site files myself.

Thanks.

RedEye
Joomla! Ace
Joomla! Ace
Posts: 1460
Joined: Sat Jan 21, 2006 8:42 pm

Re: How do I provide a secure setup for users on my server?

Post by RedEye » Tue Sep 13, 2011 8:39 pm

Only read until here:
all the site files are owned by root, with group wheel (although configuration.php is root:root), most files have mode 644, directories have mode 755.
This is more than bad my friend, this is the case people say: A server is not a toy!
It seems you have a lot to read about server configuration...

NotACircular
Joomla! Apprentice
Joomla! Apprentice
Posts: 24
Joined: Tue Aug 04, 2009 9:35 am

Re: How do I provide a secure setup for users on my server?

Post by NotACircular » Tue Sep 13, 2011 9:10 pm

RedEye wrote:Only read until here:
This is more than bad my friend, this is the case people say: A server is not a toy!
It seems you have a lot to read about server configuration...
It is, almost verbatim, the recommendation on pages 49 and 50 of the O'Reilly book (Apache, The Definitive Guide, 3rd edn). If you think the book is wrong, or that I have misinterpreted it, it would be more helpful if you explained precisely why.

RedEye
Joomla! Ace
Joomla! Ace
Posts: 1460
Joined: Sat Jan 21, 2006 8:42 pm

Re: How do I provide a secure setup for users on my server?

Post by RedEye » Tue Sep 13, 2011 9:31 pm

Well, I not have read this book but Iam pretty sure that it not tell you to have files for your site owned by root, permissions 644 for files and 755 for directories are ok.
Also you never give any normal user root access, friend or not... also root login should be permitted, use sudo from a user how is in root group
Set up a new user for your joomla install and change owner and group for your files/directories to this user.

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15077
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: How do I provide a secure setup for users on my server?

Post by mandville » Tue Sep 13, 2011 9:37 pm

NotACircular wrote:It is, almost verbatim, the recommendation on pages 49 and 50 of the O'Reilly book (Apache, The Definitive Guide, 3rd edn)
Perhaps it would be best if you started again and i will ask some questions in here

* how much of the book is copied, what in your post is the quoted sections, and please credit the source.
* where is the server hosted.
* HOW is the server hosted
* what "exactly" is your friend doing?
see http://docs.joomla.org/Security_Checkli ... rver_Setup
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

NotACircular
Joomla! Apprentice
Joomla! Apprentice
Posts: 24
Joined: Tue Aug 04, 2009 9:35 am

Re: How do I provide a secure setup for users on my server?

Post by NotACircular » Tue Sep 13, 2011 10:41 pm

I haven't copied or quoted anything from the book. RedEye's opinion was that my files should not be owned by root, but he didn't say why. I then pointed out that my directory and file ownership and modes are as recommended in the Apache book, on pages 49 and 50.

This is a bare metal server: I've installed everything on it, and nobody else uses it (yet). The problem is described in Sander Temme's blog (Sander is an Apache developer), at http://www.temme.net/sander/2010/07/30/ ... or-apache/.

Essentially, the Joomla developer (ie. my friend) needs write access to some directories. As Sander says in his blog entry: "Making directories writable by the web server should be done only with care and consideration... If a web app needs writable directories, it’s often better to have those outside the DocumentRoot: that way the uploads can’t be accessed from the outside through a direct URL. Some applications (WordPress for instance) support this, others do not."

The Joomla security page that you linked (thanks) doesn't really handle this issue. Under 'file permissions', it even suggests that the files might be owned by 'nobody' or 'wwwrun', which is presumably the user who owns the running copy of Apache. This isn't good: Apache should only have read access to your files.

So, my question is, how do admins who set up Joomla installations do this? Sander suggests two solutions: using ssh and unpacking manually, which my friend isn't happy to do, and keeping the files which need to be modified outside the document root, which Joomla can't do. Hence my suggestions in my original post.

There is a third option, which is to allow the Joomla developer to have write access into specific directories. I think, at first sight, that this is secure, because Apache never has write access to these files. I'll need to think about this some more, though.

Thanks.

NotACircular
Joomla! Apprentice
Joomla! Apprentice
Posts: 24
Joined: Tue Aug 04, 2009 9:35 am

Re: How do I provide a secure setup for users on my server?

Post by NotACircular » Tue Sep 13, 2011 10:49 pm

RedEye wrote:Well, I not have read this book but Iam pretty sure that it not tell you to have files for your site owned by root, permissions 644 for files and 755 for directories are ok.
It does; I've read it. The potential problem with having files owned by root occurs only if (a) an unprivileged user can write to the file, *and* (b) the web server is run as root. Neither of these conditions should ever happen.

Given this, it's clearly more secure to have the files and directories owned by root. This is why I asked the question. The Joomla user needs write access into a directory structure which they should ideally not be allowed to write into.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 40288
Joined: Sat Apr 05, 2008 9:58 pm

Re: How do I provide a secure setup for users on my server?

Post by Webdongle » Wed Sep 14, 2011 3:31 am

NotACircular wrote:.... The potential problem with having files owned by root occurs only if (a) an unprivileged user can write to the file, *and* (b) the web server is run as root. Neither of these conditions should ever happen.
.....
Without wishing to sound rude, but just trying to state facts. You obviously have not got a clue of what you are talking about.

First things first, is your WebServer to PHP Interface Apache or cgi ?
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

NotACircular
Joomla! Apprentice
Joomla! Apprentice
Posts: 24
Joined: Tue Aug 04, 2009 9:35 am

Re: How do I provide a secure setup for users on my server?

Post by NotACircular » Wed Sep 14, 2011 8:31 am

Webdongle wrote: Without wishing to sound rude, but just trying to state facts. You obviously have not got a clue of what you are talking about.
First things first, is your WebServer to PHP Interface Apache or cgi ?
I don't know how on earth you can think this isn't rude. You have stated that I haven't got a clue what I'm talking about, without having the courtesy to say exactly what you think I've got wrong, and why. This is exactly what RedEye did - apparently I have "a lot to read about server configuration", and "a web server is not a toy".
Let me restate the phrase that you object to. If the web server is run as root (which should *never* happen), then it has access to root-owned files. If an unprivileged user can also modify root-owned files (which should *never* happen), then there is a security issue: Apache can potentially serve a malicious unprivileged user's files. I cannot immediately see any other circumstances in which a "Joomla file" which is owned by root is a security risk.

However, as I said, I am not a security expert. If you or RedEye are, then I would appreciate an explanation of why this is incorrect, rather than a condescending put-down.
In answer to your specific question - apache2handler. This is a standard LAMP setup, as recommended in the Joomla install docs.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 40288
Joined: Sat Apr 05, 2008 9:58 pm

Re: How do I provide a secure setup for users on my server?

Post by Webdongle » Wed Sep 14, 2011 8:13 pm

NotACircular wrote:...
I don't know how on earth you can think this isn't rude. You have stated that I haven't got a clue what I'm talking about, without having the courtesy to say exactly what you think I've got wrong, and why. ....
My 'first things first' was the start of explaining where you went wrong. When you answer that then an explanation can be given. Or more to the point the level to 'pitch' the explanation can be ascertained. If you understood the question then it could be explained why it needs to be cgi. But if you didn't understand then a lengthy explanation is needed.

So, first things first, is your WebServer to PHP Interface Apache or cgi ? If the question is not within the scope of your experience then please say so.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

NotACircular
Joomla! Apprentice
Joomla! Apprentice
Posts: 24
Joined: Tue Aug 04, 2009 9:35 am

Re: How do I provide a secure setup for users on my server?

Post by NotACircular » Wed Sep 14, 2011 9:24 pm

Webdongle wrote: So, first things first, is your WebServer to PHP Interface Apache or cgi ? If the question is not within the scope of your experience then please say so.
Apache; apache2handler, to be precise.
Thanks.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 40288
Joined: Sat Apr 05, 2008 9:58 pm

Re: How do I provide a secure setup for users on my server?

Post by Webdongle » Wed Sep 14, 2011 9:51 pm

NotACircular wrote:.....
Apache; apache2handler, to be precise.
Thanks.
At the heart of the issue is file ownership. There are generally two main server users that end up owning your files - the FTP user, and the Apache/PHP user. Obviously, when you upload files using FTP, the FTP user ends up owning them. Therefore, if you give a file 755 permissions, then ONLY the FTP user can write to that file.
...
http://docs.joomla.org/Why_can%27t_you_ ... rom_ianmac

There are several ways around having 'WebServer to PHP Interface Apache' but probably the best is to change it to cgi(fast cgi). If you have dedicated Hosting then there should be an option in the Host's CP to run php as cgi(or fast cgi). If you have shared Hosting ask your Host to change the settings.

Having 'WebServer to PHP Interface cgi' will allow Joomla Ownership of the files. And thus will be allowed the privileges of the Permissions set in the first bit.(ie. 7 for folders and 6 for files).
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15077
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: How do I provide a secure setup for users on my server?

Post by mandville » Wed Sep 14, 2011 10:08 pm

I may be going a bit out the equation here but.
if you have a dedicated box /server and its only running this joomla site . and assuming its cpanel or similar
i would be tempted to create a reseller account, put this joomla install under that and jailshell it.
then you could create a secondary joomlainstall for your friend to mess on
outr of interest, run the forum post assistant extended version (link is in the "before you post read this" sticky so we can see what your setup is like.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
PhilD
Joomla! Hero
Joomla! Hero
Posts: 2734
Joined: Sat Oct 21, 2006 10:20 pm
Location: Wisconsin USA
Contact:

Re: How do I provide a secure setup for users on my server?

Post by PhilD » Thu Sep 15, 2011 10:00 pm

Um, actually run this version of the post assistant as the old one will not work or work properly on 1.7/1.6 install
Zip version: https://github.com/ForumPostAssistant/FPA/zipball/en-GB
tat.gz version: https://github.com/ForumPostAssistant/FPA/tarball/en-GB

upload the fpa-en.php file to where Joomla is installed and call it from your browser
http:// yoursite.com/fpa-en.php

Edit: (it's in development, but should work well enough at this point)
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator

NotACircular
Joomla! Apprentice
Joomla! Apprentice
Posts: 24
Joined: Tue Aug 04, 2009 9:35 am

Re: How do I provide a secure setup for users on my server?

Post by NotACircular » Wed Sep 21, 2011 10:01 am

Ok, here's the solution, in as much as there is a specific solution to this problem. Please note that this is for what I called above a "bare metal" installation. I had thought that this was self-explanatory, but obviously not. This is a server connected to the internet that you have direct (sole) control over; in other words, it can be thought of as being under your desk, although it may not be. I'm not going to credit any sources for this information, because there's a lot of it, and no one specific 'recipe' that I could find. A good place to start is the Apache mailing list, followed by the Apache IRC channel, and the IRC archives. A good rule of thumb is that you can, and should, ignore pretty much anything you read in Joomla- or Drupal-specific forums (or even "documentation"). However, I suggest that you probably shouldn't ignore this post.

Having said all that, there is no One True Answer. You need a setup that follows these basic steps. First, find out which user and group httpd runs under. Check your httpd.conf for the 'User' and 'Group' directives. On RH-type distros, these are probably user 'apache' and 'group' apache; substitute below as appropriate. I'm taking it as read that user 'apache' is unprivileged; if httpd is serving your files as root, then your installation is broken.

1 - site files must be readable by user 'apache'
2 - site directories must be searchable by user 'apache'
3 - CGI programs must be runnable by user 'apache'
4 - user 'apache' should not own *any* files
5 - user 'apache' should not be permitted to write *any* files
6 - group 'apache' should not own or be permitted to write any files
7 - lock down site access as much as possible while following the constraints above

This is where it gets interesting. You can do pretty much anything you want within these constraints, and it is common for the site files to be owned by root. Note that root ownership does *not* break any of these constraints. However, your web developers will require access to the site files and directories, possibly via ftp. One possible setup to handle this is:

8 - create a new group called 'web', and add all your developers to it
9 - give ownership of all your site files to either (a) one member of web (let's call him 'foo'), or (b) root (note: I am currently running (a), and haven't tested (b)).

Now fix your site ownership and permissions as follows. Assume that your site directory is 'mysite':

Code: Select all

# cd [directory-above-mysite]
# chown root:web mysite
# cd mysite
# chown -R foo:web .
# find . -type d -exec chmod 775 {} \;
# find . -type f -exec chmod 664 {} \;
Done. Note that user 'apache' comes in under the 'others' users. I'm sure that anyone who is familiar with basic Linux security and who has already done this will have a slightly different way of approaching this, and there are certainly other ways of doing it. However, this appears to be as secure as practical.
I've tested this for basic use by a webdev, on the premise that the dev has to manually change any files as required via ftp. I'm not sure to what extent this fits in with the Joomla philosophy, which appears to allow some modules to write directly to the site files. This would require user 'apache' to have write permissions to at least some files and directories. This is a significant security risk and must be avoided if possible. Informed comments welcome.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 40288
Joined: Sat Apr 05, 2008 9:58 pm

Re: How do I provide a secure setup for users on my server?

Post by Webdongle » Wed Sep 21, 2011 5:29 pm

The only real way to test it is to ask people to try and hack it. I'm sure there are several users who would like the practice :D This by the way is a serious suggestion.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

NotACircular
Joomla! Apprentice
Joomla! Apprentice
Posts: 24
Joined: Tue Aug 04, 2009 9:35 am

Re: How do I provide a secure setup for users on my server?

Post by NotACircular » Wed Sep 21, 2011 5:38 pm

Webdongle wrote:The only real way to test it is to ask people to try and hack it. I'm sure there are several users who would like the practice :D This by the way is a serious suggestion.
That might be the smart thing to do. Luckily, I'm not quite that smart... :)

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 40288
Joined: Sat Apr 05, 2008 9:58 pm

Re: How do I provide a secure setup for users on my server?

Post by Webdongle » Wed Sep 21, 2011 8:40 pm

There are many people that help in the Joomla forums who Audit sites. Usually they charge but there are probably some who would willingly do it for you. I'm not talking about blasting your url on the forum asking everyone and his dog to attack you. An indication from you that you have a test site up to be tested ... may well result in offers of help.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

exs
Joomla! Apprentice
Joomla! Apprentice
Posts: 8
Joined: Sun Sep 04, 2011 9:58 am

Re: How do I provide a secure setup for users on my server?

Post by exs » Wed Sep 21, 2011 9:05 pm

Is it not risky to ask other people to audit your site? Can't they corrupt the website and database by trying to hack it. Especially when you are running a live website...

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 40288
Joined: Sat Apr 05, 2008 9:58 pm

Re: How do I provide a secure setup for users on my server?

Post by Webdongle » Wed Sep 21, 2011 10:02 pm

exs wrote:Is it not risky to ask other people to audit your site? ...
It depends who is Auditing the site. Is it not risky to have a 'hole' in your sites security and not know about it until an untrusted person Hacks it ?
Last edited by Webdongle on Thu Sep 22, 2011 1:54 am, edited 1 time in total.
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

jeffchannell
Joomla! Ace
Joomla! Ace
Posts: 1964
Joined: Tue Jun 09, 2009 2:21 am
Location: WV
Contact:

Re: How do I provide a secure setup for users on my server?

Post by jeffchannell » Thu Sep 22, 2011 1:24 am

I knew I picked a good topic to follow.

:pop
http://jeffchannell.com - Joomla Extensions & Support
http://biziant.com - Open Joomla Firewall/IDS
Unsolicited private messages/emails = hire me to fix your problem.
καλλιστι

User avatar
RussW
Joomla! Exemplar
Joomla! Exemplar
Posts: 9363
Joined: Sun Oct 22, 2006 4:42 am
Location: Sunshine Coast, Queensland, Australia
Contact:

Re: How do I provide a secure setup for users on my server?

Post by RussW » Thu Sep 29, 2011 9:54 pm

There appears to be a huge discord in the many posts in this thread, many people coming at the same issue, in many different ways and at differing levels....

This 'discord' would seem to be generated by the vast amount of differing sources of information, and from what "view" these sources are considering.

O'Reily and other 'textual/theoretical' based sources only consider the base setup of the application, in this case, the Apache application as a standalone server, which is fine as this is a '1000ft' view of the basics.

The Apache mail-list source, that again is only considering the base application structure, which is also fine as long as it is understood that this is the "Developers" view.

The 'Systems Engineer' view, which again is valid, but only covers the application layer, as seen from the systems perspective.

The "System/Application Administrator" that is highly focused on functionality of the layer 3 application, in this case, Joomla!

The 'Security Engineers' perspective, which is often overlooked, but also limited by their focus... "locking down access" not always with a view on functionality.

and finally, the "Site Owner/Developer" needs, that doesn't want to, nor should need to consider the other layers.

This is not an uncommon occurrence, and presents many challenges for all concerned. Is there a single answer? Nope..! Are there many compromises? Yup, absolutely...

OK, in general, the application, in this case, Apache, should run under it's own 'user' and 'group', not root (from the security and administration perspectives). This assists with avoiding complete machine compromise from an application with elevated access to un-needed area's of the system. Apache is very adept at this and as such has been designed with this function in mind (normally, any public facing application is very aware of, and usually installs it's own user/group)

However, this can cause later un-wanted issues of ownership and access, when interacting with other processes (in this case, maybe PHP, MySQL and other libraries) or the file-system (in this case, read, write and execute requirements of the Layer 3 application, Joomla!).

You start to see where this is going? All systems, are "Layers" built upon "Layers" which all need to interact in a number of different methods.

So, in this 'very specific' application model (web-serving), others configuration actions are required to then retrospectively "limit" or "control" access from Layer3 apps, through Layer2 apps. In this case, Apache and PHP provide for this through differing implementations of PHP and Apache "data transfer pipes" (apache2handler, cgi, fast-cgi and equivalents)

Both these applications are "Multi-User" aware (not I didn't say, 'shared ' hosting), as is the operating system. This means that the OS needs to be configured for Multiple Users first, then the Layer2 applications need to be setup to understand this action and configured to make use of it. Next the Layer3 application (in this case Joomla!) makes use of the underlying facilities.

So, what's all that about? The OS should make use of "Multiple Users", Layer 2 Applications should make use of their own non-root "User Account", with some needing pseudo 'su' access to some libraries in read-only mode, Apache and PHP do this through a variety of modules or libraries, like CGI and fast-cgi (not, by default through the Apache apache2handler interface) combine this with PHP's suexec facility and/or the OS's or L2 Apps, suexec facility and Apaches' "Multi-User" configuration capabilities, allows the Layer3 Application, controlled and limited access to system resources, whilst being monitored, reported upon and shut-down if necessary.

In short, the most common and useful style of host sonfiguration would include (but not limited to)

- Multi-User OS
-'suexec' facility and/or 'wheel' facility
- upper-level directories and system utilities, root only
- mid-tier directories (L3 home folders), individual user access only
- lower-tier directories (L3 data folders), individual user access, with 'su' read, write (if required) access from L2 apps
- Apache, running under own, non-root account (not apache2handler PHP module)
- MySQL, running under own, non-root account
- PHP allowed 'su' access, only via the active L2 Application thread, only if thread UiD and Folder UiD match or permissions allow.
- Permissions never to exceed DIR: 755, FILE: 644 (controlled by Operating System uMask initially and later by 'thread' security ('su' at least, if higher security required by setUiD, setGiD or access control software).

If this is not a commercially supplied dedicated server and does not provide 'managed' configuration, then install a "Hosting Control Panel" either OpenSource or Commercial if you are unsure on how best to setup a server securely for back-end and public access across the web.

Securing a Server is not 'rocket-science', but it is a bit of an art and takes a lot of experience, understanding and 'ongoing' management and administration, throwing a server 'under your desk' and expecting a 'bare-metal' OS install and application installation to be secure is a little nieve and asking for trouble in the future.

I know this has not given any 'golden-bullet' answers, and has probably raised more questions than it answered, but hopefully it has added to the general understanding or what's required to get you where you want to be.
Joomla! on the fabulous Sunshine Coast...
hotmango, web & print http://www.hotmango.me/
The Styleguyz https://www.thestyleguyz.com/

User avatar
leolam
Joomla! Master
Joomla! Master
Posts: 20384
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ Germany/ S'pore/Bogor/ North America
Contact:

Re: How do I provide a secure setup for users on my server?

Post by leolam » Sun Oct 02, 2011 6:04 pm

I have fun with this post for sure and will keep following it......For me and our servers it is so 'easy'....with all art and knowledge (keep in mind that is indefinite required!)

* Owners will be the user (webserver running as cgi/fastcgi ie suphp <cgi>)
* Folders therefore always 755 (777 will return a 500-error)
* Files always 644
For explanation (amongst others) see Russ' extended post (Russ: +1)

Keep posting !

Leo 8)
Joomla's #1 Professional Services Provider:
#Joomla Professional Support: https://gws-desk.com -
#Joomla Specialized Hosting Solutions: https://gws-host.com -
#Joomla Webmaster Services: gws-webmaster.services


Locked

Return to “Security in Joomla! 2.5”