Joomla! Web Security

Preface

You might be wondering what compelled me to undertake a Joomla! security book, so I thought I would share some thoughts. Oddly enough, as I write this, America is moving into the 2008 presidential elections, and that again reminds me why I wrote this book.

Security in your website and PC is not much different from politics. Few people ask critical questions. Fewer still search for answers or check out the postings for help that abound on the forums. Everyone seems to be blindly accepting their software's and host's security, and freely downloading from the various sites offering cool extensions.

This lack of critical thinking has caused a near-epidemic problem on the Internet: compromised sites, stolen identities, billions of dollars in theft, and so on, all because many people are too lazy to shed their ignorance. They are too lazy to "think" for themselves.

As harsh as this may sound, I hope it resonates with you before you read this book. I hope that you take the countless hours of work, research, and thought that went into this book and turn your ignorance into wisdom.

You do not have to sit idly while your server is taken over by a bot-net to be exploited (in the truest sense of the word) and sold by the MIPS (millions of instructions per second), the bandwidth, and the disk store. You can fight back! And you should!

Sit by no longer and claim that you "don't have the skill". With this book you are well on your way to not only having the skill, but also having the power in your hands to deliver a crushing blow to the bad guys!

Hence, the reason I wrote this book is to level the playing field for the good guys.

My hope is that this book will be a great read, a wonderful security companion, and a shield for your websites!

Godspeed!

What This Book Covers

Chapter 1 : This foundational chapter gets the reader ready by reviewing terminology, understanding hosting companies, and how to select them. It also deals with learning to architect Joomla! correctly from the start, including where to download Joomla! from, its important settings, permissions and trip-ups, and lastly setting up metrics for security.

Chapter 2 : Once you have your site planned, setting up a test and development environment allows you to make sure each extension will work with the others as planned. This chapter gives the reader a methodology to effectively set up and use a test/dev environment, with a review of a great tool, Lighthouse, for software development project management.

Chapter 3 : There are a few key tools every Joomla! administrator should have in his or her security arsenal. This chapter covers the tools used to protect your site.

Chapter 4 : What is a vulnerability? It is anything that can be used against you to harm your site. This chapter introduces some common vulnerabilities and how they work.

Chapter 5 : Specific attacks such as SQL Injections are discussed here with live examples of code used to attack sites, kiddie scripts, and other more advanced attacks.

Chapter 6 : Do you ever wonder what tools the bad guys use? This chapter covers some of the commonly available tools, and how they are used against you.

Chapter 7 : This chapter details the two important safeguards for your infrastructure. It offers a detailed view, with code samples, of each of these critical files.

Chapter 8 : Without a doubt, log files are the first and the best indication of a coming attack. Yet many administrators do not know how to interpret these critical files, or worse yet, ignore them. This chapter will teach the reader how to read log files and take care of them for forensic purposes.

Chapter 9 : SSL is the guardian of e-commerce on the Internet. In this chapter, you will learn how SSL works, where to obtain a certificate, and how to implement it in your Joomla! site.

Chapter 10 : Even the best laid plans go astray. If a site is actually hit, you have an incident to handle. This chapter will educate you on some best practices for handling the incident in an effective manner.

Appendix : Looking for that one bit of information? This chapter is a concise reference to highly important items of security information that will be important to your daily efforts in protecting your site.

Who This Book Is For

This book is a must-read for anyone seriously using Joomla! for any kind of business, ranging from small retailers to larger businesses. With this book they will be able to secure their sites, understand the attackers, and more, without the drudgery of searching forums only to be flamed, or to never find the answers at all.

Prior knowledge of Joomla! is expected, but no prior knowledge of securing websites is needed for this book. The reader will gain a moderate to strong level of knowledge on strengthening his or her site(s) against hackers.

Conventions

In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.

A block of code will be set as follows:

<?php
// Request parameters are read straight from the URL, with no validation or escaping
$userName = $_GET["userName"];
$code = $_GET["activate"];
// Interpolating them directly into the query string is what makes this statement injectable
$sql = "SELECT activated FROM users WHERE username = '$userName' AND activated = '$code'";

New terms and important words are introduced in a bold-type font. Words that you see on the screen, in menus or dialog boxes for example, appear in our text like this: "clicking the Next button moves you to the next screen".

Note

Tips and tricks appear like this.

Note

Warnings or important notes appear in a box like this.

Reader Feedback

Feedback from our readers is always welcome. Let us know what you think about this book, what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.

To send us general feedback, simply drop an email to , making sure to mention the book title in the subject of your message.

If there is a book that you need and would like to see us publish, please send us a note in the SUGGEST A TITLE form on www.packtpub.com or email .

If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.

Customer Support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the Example Code for the Book

Visit http://www.packtpub.com/files/code/4886_Code.zip to directly download the example code.

Note

The downloadable files contain instructions on how to use them.

Errata

Although we have taken every care to ensure the accuracy of our contents, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in text or code—we would be grateful if you would report this to us. By doing this you can save other readers from frustration, and help to improve subsequent versions of this book. If you find any errata, report them by visiting http://www.packtpub.com/support, selecting your book, clicking on the let us know link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata added to the list of existing errata. The existing errata can be viewed by selecting your title from http://www.packtpub.com/support.

Piracy

Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide the location address or website name immediately so we can pursue a remedy.

Please contact us at with a link to the suspected pirated material.

We appreciate your help in protecting our authors, and our ability to bring you valuable content.

Questions

You can contact us at if you are having a problem with some aspect of the book, and we will do our best to address it.