Joomla! Web Security


General Information

This section covers general information that applies to your site's security.

Preparing Your Tool Kit

A tool kit serves the same purpose as a "ready bag": it should contain the items you need to recover from, or respond to, a problem with your site.

You are free to modify, add, or delete any of these to make them fit into your personal situation.

  1. Blank CD-Rs, to record logs for forensic purposes

  2. A CD-R burned with your tools (see the tools section)

  3. A small tool set to work on your computer:

    a. Phillips-head screwdriver

    b. Flat-head screwdriver

    c. ¼" nut driver

    d. Pliers

    e. Small flashlight

  4. Note pad

  5. Pen and notepaper

  6. A copy of your site (for restoration). This can and should be a recent copy; however, DO NOT put your master backup here.

  7. One or two large-capacity USB drives. One should be blank. On the other you may want to put all your current (meaning stable, patched) extensions, a copy of your version of Joomla! (the most recent release in your family, 1.xx or 1.5.xx), the template, and any extra scripts or code necessary. This means that you can at least rebuild quickly if you have to.

Note

You may wonder why I specify a tools section for a software security book. If you have to physically touch hardware, such as remove drives from a server, you will need tools handy. Believe me, you will appreciate it the first time you need it.

The software tools will be covered in a later section.

Backup Tools

The key to a successful restoration post-hack is having a good backup of the database, files, and other assorted software.

Some of the tools that I like and find to work very well are:

  • Hosting Control Panel (such as cPanel or Plesk)—These built-in tools can often automate backups for you, capturing the files and database that comprise your site.

  • JoomlaPack—Available from joomlapack.net. This GPL-licensed, feature-rich toolset will make your backup and recovery a breeze.

  • JoomlaCloner—Available from JoomlaPlug.com. This commercially available tool can make a "clone" of your site and allow you to restore quickly.

  • Manual—This method, while effective, is a time-consuming venture. This is where you copy all files down, export your SQL data, and write to external media.

The key to all of these is to pick one, learn it, and use it. Document everything in your Disaster Preparation Guide and store it with your tool kit. Additionally, make sure that you have a recent copy of your data offsite.

Note

What is a recent copy?

It depends on how important your data is and how frequently your data changes. If you have a very busy site and it's changing often, then daily backups are important. If you have a slow site that updates every now and then, you are probably safe backing up less frequently.

For more information see my other book Dodging the Bullets—A Disaster Preparation Guide for Joomla! Web Sites.

Assistance Checklist

Your assistance checklist should include the following. It may seem strange, but keep in mind that YOU may not be the one doing the supporting; if you are depending on someone else, they won't necessarily know this information:

  • ISP:

    • Phone number (a 24 hour, 7 days a week support number)

    • Your account number

    • Any security information they need

  • Webhost:

    • Phone number (a 24 hour, 7 days a week support number)

    • Your account number

    • Any security information they need

    • The domain in question

  • Co-Location:

    • This should be the same as for the webhost with an addition of procedures to enter the building, the cabinet you are in, and location of "keys to unlock".

  • Website:

    • Super user administrative name and password

    • FTP information

    • Any other information relevant to your site

  • Backups:

    • Where are they?

    • How do you restore them? (document)

  • Utilities contact information (emergency and after hours):

    • Water

    • Electrical

    • Gas

  • Law:

    • Local law enforcement

    • FBI—If the computer crime is serious you will want to report it.

  • Hotels:

    • In the event you have to travel TO a site for your website

  • Extensions

    • Location of current copies (note you should have these in your toolkit, in the event you cannot immediately get to their site)

    • Contact at their site (forum, email, and so on)

  • A good friend: Someone you can call if you need help

Basic Security Checklist

Your basic security checklist is a collection of items that will help you to ensure that you are secure.

Physical Security (of an office, facility, or server closet)

  • Make sure server(s) stay locked.

  • Look for evidence of any tampering, such as an "odd device" plugged into the network (it could be a keylogger).

  • Scan for rogue wireless devices attached to your network.

  • Watch for anyone attempting to gain access to your building who shouldn't.

Electronic

  • Scan your site (Nmap is a good tool) to make sure your host/colo hasn't turned on ports that should be closed or filtered.

  • If you do NOT need a port open, close it. The following are some examples of common ports found open:

    • Port 53 (DNS Zone Transfer)

    • Port 23 (Telnet)

    • Ports 161 and 162 (SNMP and SNMP trap)

  • Passwords:

    • Are they strong enough?

    • Define a change policy (preferably every 30 days).

    • Require your users to have a strong password.

  • Vulnerabilities:

    • Periodically check your extensions, and check whether Joomla! core, Apache, MySQL, and the base OS are in order. Make a weekly habit of checking the vendors' sites, or better still, subscribe to their RSS feeds.

  • FrontPage extensions: If you do not need them, turn them OFF. This is one of the best things you can do for your site.

  • Confirm whether .htaccess is in place.

  • Confirm whether the necessary commands in php.ini are in place (if applicable).

  • Use the tools in this book to check for file and directory permissions.

  • Install JCheck as your tripwire system for Joomla!

  • Periodically Google your site to see what comes up. This can alert you if someone has written negatively about your site, such as reporting that it is sending spam.
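The Electronic checklist above can be partly automated. The script below is an added example, not code from the book; it assumes you have already run Nmap against your own host with grepable output (nmap -oG), and it checks that output for the ports the checklist names, then checks the Joomla! site root for the .htaccess file and for world-writable files or directories. The sample scan line and site tree it builds are constructed for the demonstration.

```shell
# Added audit helper for the "Electronic" checklist; not code from the book.
# Assumes you already ran nmap against your own host with grepable output
# (nmap -oG scan.gnmap <host>); usage: sh audit.sh scan.gnmap /path/to/joomla
# Ports the checklist says should normally be closed or filtered.
WATCH_PORTS="23 53 161 162"

# Report every watched port an nmap -oG file lists as open; returns 1 if any.
check_open_ports() {
    scan="$1"
    found=0
    for p in $WATCH_PORTS; do
        # -oG lists ports as "Ports: 80/open/tcp//http///, 23/open/tcp//telnet///"
        if grep -Eq "[ ,]$p/open/" "$scan"; then
            echo "WARN: port $p is open; close or filter it if not needed"
            found=1
        fi
    done
    return $found
}

# .htaccess must exist and nothing under the site root may be world-writable;
# returns 1 if a problem was found, 0 otherwise.
check_site_files() {
    root="$1"
    problems=0
    if [ ! -f "$root/.htaccess" ]; then
        echo "WARN: no .htaccess in $root"
        problems=1
    fi
    # -perm -002: the "other" write bit is set on a file or directory
    ww=$(find "$root" -perm -002 | wc -l | tr -d ' ')
    if [ "$ww" -gt 0 ]; then
        echo "WARN: $ww world-writable entries under $root (find $root -perm -002)"
        problems=1
    fi
    return $problems
}

# Constructed sample data (not a real scan or site) so the checks run offline.
make_sample() {
    dir=$(mktemp -d)
    printf 'Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http///, 23/open/tcp//telnet///, 161/open/udp//snmp///\n' > "$dir/scan.gnmap"
    mkdir -p "$dir/site/tmp"
    chmod 777 "$dir/site/tmp"   # deliberately world-writable, as a bad install might be
    echo "$dir"
}
if [ $# -eq 2 ]; then
    check_open_ports "$1"
    check_site_files "$2"
fi
```

Run it after a real scan as `sh audit.sh scan.gnmap /var/www/joomla` (paths assumed); a non-zero return from either function means the checklist item needs attention.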