Bots looking for Wordpress crashing my server

Discussion regarding Joomla! 3.x Performance issues.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
gingerweb
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Sun Aug 31, 2014 9:36 pm

Bots looking for Wordpress crashing my server

Post by gingerweb » Wed Oct 16, 2019 3:04 pm

None of my sites are hacked, (as far as i can be sure) all are audited regularly.

I have had this issue for a while now, it culminates in tremendous load on the server which ulitimately brings every site down, my hosts Memset now reckon they have the reason but not the answer. I guess this could also apply to other people too.

They reckon that bots are testing sites looking for Wordpress vulnerabilities, when they find a Joomla site (which 95% of mine are) they are not getting a 404 error which they should be and as a result they continually hit the site trying to get a Wordpress response. I had 21000 hits in a very short time from an IP in the Ukraine yesterday and they believe this is what is happening.

Is there something in the .htaccess file that is preventing this from getting a 404 and leaving the site alone or could there be something I can add to it to move them along to the next Wordpress site?

All my sites have a pretty much standard htaccess file in them (90% J3 but a couple of J1.5 and a few J2.5) ) although i do usually add a rewriteCond few lines to switch to www.

This is an example

Code: Select all

##
# @version $Id: htaccess.txt 14401 2010-01-26 14:10:00Z louis $
# @package Joomla
# @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##

#####################################################
#  READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations.  It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file.  If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's.  If they work,
# it has been set by your server administrator and you do not need it set here.
#
#####################################################

##  Can be commented out if causes errors, see notes above.
# Options +FollowSymLinks

#
#  mod_rewrite in use

RewriteEngine On

RewriteCond %{HTTP_HOST} ^mydomain\.co.uk
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^(.*)$ http://www.mydomain.co.uk/$1 [R=permanent,L]

########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
## Deny access to extension xml files (uncomment out to activate)
#<Files ~ "\.xml$">
#Order allow,deny
#Deny from all
#Satisfy all
#</Files>
## End of deny access to extension xml files
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits

#  Uncomment following line if your webserver's URL
#  is not directly related to physical file paths.
#  Update Your Joomla! Directory (just / for root)

#RewriteBase /heatheremb.co.uk

########## Begin - Joomla! core SEF Section
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$  [NC]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) index.php
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
#
########## End - Joomla! core SEF Section

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php72” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php72 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit

waarnemer
Joomla! Hero
Joomla! Hero
Posts: 2329
Joined: Sun May 04, 2008 12:37 pm

Re: Bots looking for Wordpress crashing my server

Post by waarnemer » Wed Oct 16, 2019 6:34 pm

Why are they not getting a 404? do you use a redirect on non existing pages in your domain?
Have these show a 404.

Ask your host to install someting like fail2ban.
Have them create a rule against certain bots.

gingerweb
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Sun Aug 31, 2014 9:36 pm

Re: Bots looking for Wordpress crashing my server

Post by gingerweb » Wed Oct 16, 2019 7:02 pm

Thanks, most sites 404 correctly i think there must be some that dont.
Is this really as simple as having a standard 404 page?
Will look into fail2ban
thanks

waarnemer
Joomla! Hero
Joomla! Hero
Posts: 2329
Joined: Sun May 04, 2008 12:37 pm

Re: Bots looking for Wordpress crashing my server

Post by waarnemer » Wed Oct 16, 2019 7:07 pm

It depends, but having a 404 is sometimes helpfull.. but beware make sure you have a real 404.. one that has a response header with the actual status of 404.

For the bots that are persistent a fail2ban or something a like can help.

gingerweb
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Sun Aug 31, 2014 9:36 pm

Re: Bots looking for Wordpress crashing my server

Post by gingerweb » Wed Oct 16, 2019 7:13 pm

ok many thanks will do some Googling!

gingerweb
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Sun Aug 31, 2014 9:36 pm

Re: Bots looking for Wordpress crashing my server

Post by gingerweb » Thu Oct 17, 2019 3:55 am

I have followed several pages instructions to create "proper" 404 pages but for what seems like a simple process doesnt seem to be working right on any site i try.

The majority suggest creating a 404 article and hidden menu link to this article, then copying the error.php from (i assume) administrator/templates/system to Templates/mytemplate and adding this


if (($this->error->getCode()) == '404') {
header("HTTP/1.0 404 Not Found");
echo file_get_contents(JURI::root().'index.php?option=com_content&view=article&id=XX');
exit;}
?>

immediately below

defined('_JEXEC') or die;

I have tried this and im not getting my error page, i either get a site hanging or a messed up template with this at the bottom

/** @var JDocumentError $this */ ?>
0 - An error has occurred.
Call to a member function displayMediaThumb() on null

JGLOBAL_TPL_CPANEL_LINK_TEXT

Any idea where i might be going wrong please?
the site i am trying this on is tufftoys4dogs dot co dot uk
thanks

waarnemer
Joomla! Hero
Joomla! Hero
Posts: 2329
Joined: Sun May 04, 2008 12:37 pm

Re: Bots looking for Wordpress crashing my server

Post by waarnemer » Thu Oct 17, 2019 6:30 am

well actually the built in 404 is sufficient.

you will just get this sample: http://cadet.nl/en/nonsense which is just fine.

the insctructions are about nifty errorpages matching your template... while the only thing you want to tell the bots is a 404 status...

by creating a page you even may end up providing a 200..

I see you are using cloudflare cdn.. check the firewall settings there too. And if you start using fail2ban, do make an "action" so fail2ban will communicate blocked IP's with your Cloudflare setup.
Last edited by waarnemer on Thu Oct 17, 2019 7:13 am, edited 1 time in total.

User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 22322
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, The Netherlands
Contact:

Re: Bots looking for Wordpress crashing my server

Post by pe7er » Thu Oct 17, 2019 6:49 am

waarnemer wrote:
Thu Oct 17, 2019 6:30 am
by creating a page you even may end up providing a 200..
Yeah, if you add just an error article to your site, you will get a 200 success status.

You can solve that by putting the following code in the error.php in your template folder:

Code: Select all

use Joomla\CMS\Uri\Uri;

header("HTTP/1.0 404 Not Found");
echo file_get_contents(URI::root() . 'index.php?option=com_content&view=article&id=1234');
exit;
where 1234 is the id of your error article.

You can test the status in Google Chrome:
open "inspect" console,
go to "Network" tab
try to open a faulty page on your site (like example.com/fsafhsafsafdsa )
and see the http status of that page.
Kind Regards,
Peter Martin, Global Moderator
https://db8.nl - Joomla specialist, Nijmegen, Nederland
Co-developer of d2 Content https://data2site.com/joomla-extensions/d2-content

gingerweb
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Sun Aug 31, 2014 9:36 pm

Re: Bots looking for Wordpress crashing my server

Post by gingerweb » Thu Oct 17, 2019 7:29 am

Thanks Peter, i have tried loads of different bits of code and yours is the best so far!
I will update shortly

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 37423
Joined: Sat Apr 05, 2008 9:58 pm

Re: Bots looking for Wordpress crashing my server

Post by Webdongle » Thu Oct 17, 2019 7:40 am

http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"The definition of insanity is doing the same thing over and over again, but expecting different results": Albert Einstein

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11765
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: Bots looking for Wordpress crashing my server

Post by brian » Thu Oct 17, 2019 4:28 pm

If getting a huge number of hits in a short period of time searching for wp and this is causing your server to crash then a php based solution won't help you as this will still be resource intensive.

The correct solution is for your web server to issue the 404 etc directly and not the web site. This is infinitesimally more efficient.

Usually you would do this in your htaccess file by setting

Code: Select all

ErrorDocument 404 “<H1>Page not found</H1>”
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

gingerweb
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Sun Aug 31, 2014 9:36 pm

Re: Bots looking for Wordpress crashing my server

Post by gingerweb » Thu Oct 17, 2019 4:58 pm

Thanks Brian i lke the sound of that a great deal as im still struggling with what should be a really simple process. Would this need to be in the individual sites htaccess or somewhere on the server htaccess ?

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11765
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: Bots looking for Wordpress crashing my server

Post by brian » Fri Oct 18, 2019 11:05 am

depends on your server config but it will definitely work in the site htaccess
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

gingerweb
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Sun Aug 31, 2014 9:36 pm

Re: Bots looking for Wordpress crashing my server

Post by gingerweb » Tue Oct 22, 2019 10:56 am

Brian.
i am interested in this as an option but i cant get it to work, if i add this to any of my sites .htaccess the sites go down immediately. if i remove it they work again.
i have tried it at the beginning and at the end of a standard joomla htaccess file with the same affect.
any ideas?
thanks

waarnemer
Joomla! Hero
Joomla! Hero
Posts: 2329
Joined: Sun May 04, 2008 12:37 pm

Re: Bots looking for Wordpress crashing my server

Post by waarnemer » Tue Oct 22, 2019 12:24 pm

You copy pasted right? Then the quotes around

Code: Select all

ErrorDocument 404 “<H1>Page not found</H1>”
Are not identical.. if you copy paste, try:

Code: Select all

ErrorDocument 404 "<H1>Page not found</H1>"

gingerweb
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Sun Aug 31, 2014 9:36 pm

Re: Bots looking for Wordpress crashing my server

Post by gingerweb » Tue Oct 22, 2019 12:51 pm

Looking at this further it looks like the issue is worse than i feared and seems to apply to more than one site. I just cant get this site to go to a 404 error page and while it is trying to it is using considerable resources on the server, i can see the numbers rising coming from the same site.

If only i could get it to go to a 404 page, it really shouldnt be hard!!

I have setup a 404 article and hidden menu link to it called 404
I have copied the error.php from templates/system to templates/yoo_avenue (the template name) and then added this code to the error.php file

Code: Select all

defined('_JEXEC') or die;

header("HTTP/1.0 404 Not Found");
echo file_get_contents(URI::root() . 'https://www.thedomain.co.uk/404');
exit;
/** @var JDocumentError $this */
I would be happy to link to the site above but as i said above excess 404 type tyraffic to it causes really heavy load.

Is there something i have done wrong in the above steps? Is there any reason that an incorrect URL shouldnt give my new 404 page - which correctly displays if i go to www.mydomain.co.uk/404

thanks for looking

waarnemer
Joomla! Hero
Joomla! Hero
Posts: 2329
Joined: Sun May 04, 2008 12:37 pm

Re: Bots looking for Wordpress crashing my server

Post by waarnemer » Tue Oct 22, 2019 1:31 pm

Well starting from the beginning.
There is no reason why a "wp-hacking-attempt" like the usual domain.com/wp-login, domain.com/wp or domain.com/wordpress/* would not trigger a 404.

Any non existent page would trigger a 404 by default... the joomla default that is.
Unless you do have an auto redirect on non existent pages.. some people do redirect to a custom 404 that does not have a real status 404, some do redirect to the home page afraid missing any traffic....
For a bot a signal, something is there...

Also there are a huge amount of stupid bots, that just keep trying... even though there is no "wordpress-response". You are not that lucky to be on their list.

What happens if you yourself browse to "yourdomain.com/a_page_that_does_not_exist"?
What happens if you yourself browse to "yourdomain.com/wp-login.php"?

waarnemer
Joomla! Hero
Joomla! Hero
Posts: 2329
Joined: Sun May 04, 2008 12:37 pm

Re: Bots looking for Wordpress crashing my server

Post by waarnemer » Tue Oct 22, 2019 1:42 pm

By the way...looking closer at the previous posts.. you are not using the .htaccess file provided by the Joomla! package, are you?

gingerweb
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Sun Aug 31, 2014 9:36 pm

Re: Bots looking for Wordpress crashing my server

Post by gingerweb » Tue Oct 22, 2019 1:55 pm

On this site i am trying to get it working on i have just done a total restore with a new database and selected the default .htaccess at the last point of the Akeeba restore so i know it is the default htaccess.

If i browse to mydomain.co.uk/wrongurl etc then the site just seems to hunt and hunt for the page and eventually it goes to a 524 Cloudflare error. While it is doing this i see on the server process manager increased load from this particular site as though there are many many requests to it.

Otherwise as long as an incorrect url isnt found then it works fine.
thanks for your help with this, much appreciated.

waarnemer
Joomla! Hero
Joomla! Hero
Posts: 2329
Joined: Sun May 04, 2008 12:37 pm

Re: Bots looking for Wordpress crashing my server

Post by waarnemer » Tue Oct 22, 2019 2:03 pm

I doubt it is the default Joomla! htaccess file since there are a lot of cpanel and comodo references in the code...
cpanel is a common management interface for virtual hosting
comodo is a certificate supplier/publisher
both have no ties whatsoever with Joomla!.

If you'd download a joomla install package and would isolate the htaccess from it, you would see the differences...

I think you are stuck with some old custom htaccess from the past .... did you have a series of upgrades on this site over the years?

Of course I cannot tell if your host needs specific entries in the htaccess, but usually they do not.

gingerweb
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Sun Aug 31, 2014 9:36 pm

Re: Bots looking for Wordpress crashing my server

Post by gingerweb » Tue Oct 22, 2019 4:14 pm

I get what you are saying but this site definitely has the default htaccess in it, this was one of the reasons for recreating it from a backup
it is

Code: Select all

##
# @package    Joomla
# @copyright  Copyright (C) 2005 - 2019 Open Source Matters. All rights reserved.
# @license    GNU General Public License version 2 or later; see LICENSE.txt
##

##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line 'Options +FollowSymLinks' may cause problems with some server configurations.
# It is required for the use of Apache mod_rewrite, but it may have already been set by 
# your server administrator in a way that disallows changing it in this .htaccess file.
# If using it causes your site to produce an error, comment it out (add # to the
# beginning of the line), reload your site in your browser and test your sef urls. If
# they work, then it has been set by your server administrator and you do not need to
# set it here.
##

## No directory listings
<IfModule autoindex>
  IndexIgnore *
</IfModule>

## Suppress mime type detection in browsers for unknown types
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
</IfModule>

## Can be commented out if causes errors, see notes above.
Options +FollowSymlinks
Options -Indexes

## Mod_rewrite in use.

RewriteEngine On

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site then comment out the operations listed
# below by adding a # to the beginning of the line.
# This attempts to block the most common type of exploit `attempts` on Joomla!
#
# Block any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root home page
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.

## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects

##
# Uncomment the following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##

# RewriteBase /

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.


waarnemer
Joomla! Hero
Joomla! Hero
Posts: 2329
Joined: Sun May 04, 2008 12:37 pm

Re: Bots looking for Wordpress crashing my server

Post by waarnemer » Tue Oct 22, 2019 6:06 pm

Ah yes ...that is another one than the one in your first post...

Anyway.. I even have problems getting through your site when using http:// the redirect to https:// takes forever (or at least more than a minute)...
Do you have access to your servers apache access and error log?
Can you check the apache error log on your webserver for hints?
Do you have a plugin enabled that redirects pages (in a possible endless loop?)

Since you are on Cloudflare... I wonder... did you set any rules in the firewall and page rules? Or did you stick to all defaults? As I read from the page response headers you do use cloudflare cache... what happens if you "grey-cloud" your site and bypass cloudflares cache?

If it is the enormous amount of wp tries..., you may set a firewall rule in cloudflare for these...

But if it is J!... Maybe you can read this and post your FPA result. viewtopic.php?f=806&t=969442

waarnemer
Joomla! Hero
Joomla! Hero
Posts: 2329
Joined: Sun May 04, 2008 12:37 pm

Re: Bots looking for Wordpress crashing my server

Post by waarnemer » Wed Oct 23, 2019 2:21 pm

maybe another possible cause to look into.

You do run a plugin or other extension with some twitter tracker. Is that correct?
At least that is what I can see when I open a non existent page on your site (domain.com/nonsense)
Do this while having dev tools open (F12) on tab Network.
Before the Cloudflare errorpage shows, I have a few requests like

https://cdn.syndication.twimg.com/timel ... lies=false

that will get me to this information this belongs to a well known tracker and is blocked by the browser...

https://developer.mozilla.org/en-US/doc ... gn=default

Check the part about the callbacks and the warning at the bottom...

Soon as the errorpage pops in, the requests dissappear from the network list... redirected.....

gingerweb
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Sun Aug 31, 2014 9:36 pm

Re: Bots looking for Wordpress crashing my server

Post by gingerweb » Thu Oct 24, 2019 8:40 am

Massive thanks for this assistance!

There is a lot to try above but i have my suspicions about the Twitter tracker - would it be ok to PM you the actual url of the site i am most concerned about? I have disabled Twitter on it for now to see how that helps.
cheers
(not sure why i am no longer getting notifications of replies to this thread so checking manually)

waarnemer
Joomla! Hero
Joomla! Hero
Posts: 2329
Joined: Sun May 04, 2008 12:37 pm

Re: Bots looking for Wordpress crashing my server

Post by waarnemer » Thu Oct 24, 2019 8:56 am

Do send me a PM

By the way, click the wrench in the top yellow button and check subscribe... that should bring you back in the updates on this thread...

gingerweb
Joomla! Intern
Joomla! Intern
Posts: 64
Joined: Sun Aug 31, 2014 9:36 pm

Re: Bots looking for Wordpress crashing my server

Post by gingerweb » Thu Oct 24, 2019 9:20 am

Sent you an email through the forum and resubscribed it would appear! thanks

User avatar
darb
Joomla! Ace
Joomla! Ace
Posts: 1446
Joined: Thu Jul 06, 2006 12:57 pm
Location: Stockholm Sweden
Contact:

Re: Bots looking for Wordpress crashing my server

Post by darb » Thu Oct 24, 2019 12:05 pm

check pm for another "master" Joomla htaccess file and try it for your Joomla hosting environment
Success in the long run Its not about the code its about the people and community that's make it!
Its not what you say its what you do that matters!

Darb - aka ssnobben


Post Reply

Return to “Performance - Joomla! 3.x”