Today we are launching our new Incapsula for Joomla component. This new extension enhances Incapsula for Joomla website owners, administrators, developers and resellers, by integrating Incapsula directly into their Joomla admin panel.
Specific benefits of Incapsula for Joomla include:
- Centralized Management: Access Incapsula directly from the Joomla admin and receive live traffic statistics, performance reports, suspicious events and threat alerts. Manage multiple sites and accounts simultaneously, with direct access straight from your Joomla admin.
- Improved website security:Incapsula provides virtual patching against Joomla specific vulnerabilities and will also safeguard Joomla websites from scrapers, spammers, hacking attempts and DDoS attacks.
- Enhanced Performance:Incapsula accelerates Joomla websites by more than 40% and reduces bandwidth usage by more than 50% by leveraging its Global CDN and advanced Caching and Optimization features.
Incapsual for Joomla: Dashboard Unveiled
Joomla Security Study: 59% malicious activity, 13% takeover attempts
Joomla is among the most popular content management systems constituting 20 million of all websites worldwide. (W3Techs.com)
In our recent study, performed over a three month period on a random sample of Joomla websites, we saw that 59% suffered some type of malicious activity with 13% undergoing a full takeover attempt trying to exploit ‘the Joomla Privilege escalation’ and ‘JCE Shell Upload’ vulnerabilities. (see below)
According to W3Techs.com, 15% of all Joomla websites are running on versions 1.6 to 2.5 that are vulnerable to these serious exploits. Based on an attack rate of 13%, and the number of vulnerable sites, 400,000 Joomla websites are likely to be hacked over the next three months.
Joomla Security: Privilege Escalation Exploit
This is a fairly straight-forward exploit, which allows an attacker to gain full Administrative Privileges, like so:
- Failing Registration: By visiting \index.php?option=com_users&view=registration an attacker will initiate new registration process and fail it on purpose.
- Injecting the Form: Before submiting the “failed” form, an attacker will add <input name=”jform[groups]” value=”7″ /> to the HTML <form> tag.
- Taking over: The form will reload with an error message. At this time, by simply re-filling the form and injecting it again with the same name=”jform[groups]” value=”7″ string, an attacker will be able to log inside. Moreover, he/she will be assigned to an “Administrator Group”, receiving full Administrative Privileges and have almost total control over the site and its content.
Originally published by Jeff Channell
Joomla Security: JCE Shell Upload
Affected JCE versions: 2.0.10 (Image Manager 126.96.36.199, Media Manager 188.8.131.52, Template Manager 1.5.5, File Manager 184.108.40.206 & prior versions also may be affected)
JCE is a popular Joomla extension that provides its’ users with WYSIWYG document processing and editing tools.
With this vulnerability the attacker can exploit JCE basic functionality to:
- Upload masked files, made to look like ordinary media resources (.jpg or .gif)
- Make them executable by changing the extension (.php or .htaccess)
- Use these files to damage the website, gain further access, reroute traffic and etc
JCE Exploit: Proof of Concept Command Console
To learn more about Joomla Extension Vulnerabilities visit: Joomla.org: Official Vulnerable Extensions List
Would you like to write for our blog? We welcome stories from our readers, customers and partners. Please send us your ideas: firstname.lastname@example.org