Stay Ahead With Linux Security Features
threat detection scalability Building a SIEM is easier than scaling one. Most open-source deployments start as a simple "all-in-one" server. It is easy to set up, but that design rarely survives the transition from a lab to a production workload. . A SIEM watching 20 endpoints is not doing the same job as one watching 500. More endpoints mean more logs; more logs require more storage; more storage makes search heavier. Eventually, the very architecture that made your lab easy to deploy becomes the reason your production...
Jun 04, 2026
security advisory apache A newly disclosed attack technique called HTTP/2 Bomb is drawing attention because it targets the software that sits at the front of much of the Linux internet. Apache HTTP Server, NGINX, Envoy, and the ingress layers that many Kubernetes environments depend on can be forced into consuming disproportionate amounts of memory using relatively small amounts of attacker traffic. . For Linux administrators, the concern is not the HTTP/2 protocol itself. It is the possibility that a single...
Jun 04, 2026
security advisory important The compromise of Nx Console shows how much infrastructure now sits behind a single developer account. GitHub repositories, CI/CD pipelines, container build systems, Terraform projects, Kubernetes deployments. None of those systems was the initial target. The workstation was. . Attackers did not need a Linux privilege escalation bug or a remote code execution chain. They needed developers to trust a tool they were already using. For many organizations, that was enough. What Happened? Federal...
Jun 03, 2026
security advisory open-source You remove the malware. You rotate the compromised credentials. You patch the original vulnerability and close the ticket. Two weeks later, the attacker is back. . What happened? You didn't lose the battle at the exploit; you lost it at the cleanup. In many modern Linux intrusions, the malware you found wasn't the main problem—it was the fallback mechanisms left behind. These hooks quietly restore attacker access the moment you look away. If you clean a host but miss these persistence layers,...
Jun 02, 2026
security advisory Red Hat Researchers investigating a campaign now tracked as Miasma found that more than 30 packages in Red Hat's @redhat-cloud-services npm namespace had been altered to deliver credential-stealing malware. . The packages weren't being used to deploy ransomware or sabotage systems. From what has been reported so far, the objective appears to have been much simpler: collect credentials from developer environments and use that access elsewhere. GitHub tokens, cloud credentials, SSH keys, and other...
Jun 02, 2026
Refine features
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security features
We found -3 articles for you...
102
cybersecuritysecurity best practicesJoomlaStrengthen Your Joomla Website Security: Best Practices for 2022
Looking to secure your Joomla website? Here are some best practices to prevent your Joomla website from getting hacked by cyberattackers in 2022. . The evolution of internet services and better connectivity have improved content consumption among users. There are more than 1.7 billion websites on the internet. Businesses need to stand out in a market crowded with high content volume. This is where a content management system like Joomla can help. However, companies need to have specific measures in place regarding Joomla website security. But before we discuss the problems with Joomla Security and its solutions. Joomla has been the second most preferred CMS after WordPress. There are more than 4,172,773 live Joomla websites on the internet. However, many security issues related to the Joomla website need reliable solutions. For example, CVE-2017-8917 is one of the most significant SQL injection attacks in 2017 that affected several Joomla websites. However, it is not a single occurrence, and there have been several cyberattacks on the Joomla website. First, let’s understand the history of Joomla website security issues. Brief History of Joomla Security Problems Like all other CMSes in the market, Joomla has its vulnerabilities, making it a problem for many website developers. According to a report, cross-site scripting (XSS) is one of the most significant contributors to Joomla website security issues. However, if you consider the competition, Joomla still comes out as a winner in security. There are several features Joomla has pre-built but different extensions and templates which can be vulnerable. According to research from just last year, Joomla has been subjected to more than 100 vulnerabilities due to extensions. Different Joomla extensions were tested for cyberattacks like rXSS, sXSS, DOM XSS, and SQLite during the research. Extension Identifying path Installation percentage rXSS sXSS DOMXSS SQLite Akeeba Backup com_akeeba 59.6% 3 0 0 0 AcyMailing com_acymailing 34.4% 5 0 0 1 Advanced Module Manager com_advancedmodules 12.4% 0 1 0 0 JEvents com_jevents 11.9% 5 2 0 1 eXtplorer com_extplorer 11.4% 6 0 0 0 Phoca Gallery com_phocagallery 4.7% 18 0 0 0 Community Builder com_comprofiler 3.6% 1 0 0 0 Ark Editor com_arkeditor 3 0.1% 5 0 1 0 Ozio Gallery com_oziogallery 1.7% 0 31 0 0 Sigplus /media/sigplus 1.2% 0 1 3 0 Another key security challenge is updates. Over the years, there have been several versions of Joomla with exposed vulnerabilities. For example, all the versions of Joomla before 3.9.5 suffered from the Cross-Site Request Forgery (CSRF) attacks. Also known as the CVE-2019-10945 , it was a directory traversal bug that helped attackers execute the CSRF attacks. Similarly, there are several different vulnerabilities that attackers have exposed across different Joomla versions. Another key source of Joomla security issues is the underlying PHP. It is also important to understand that Joomla is written in PHP. Joomla is based on the Object-oriented programming approach, and MySQL acts as a database. So, problems in PHP can cascade to Joomla websites. You can find several Stackoverflow conversations on PHP causing Joomla website issues. This is why you need to have specific securitybest practices for PHP-related problems. For example, privilege escalation is an attack where attackers gain access to admin privileges. CVE-2016-8869 is one such PHP-based vulnerability linked to Joomla servers that provide elevation of privilege escalations. However, there are several key security best practices that you can use to secure the server. Joomla Server Security Joomla website security depends on several factors, one of which is server vulnerabilities. So, before you install Joomla, it becomes key to ensure that PHP and server are secure. Fortunately, Joomla provides a security checklist that you can use to secure the server. Here are some of the points you need to consider from the checklist, Use Apache .htaccess to password-protect sensitive directories and block exploits with access restrictions. Joomla provides preconfigured .htacess files, which you can place in the FTP root file and leverage the “Least Privilege” approach to run PHP tools. PHP Being Run as an Apache Module can lead to ownership issues and security nightmares. However, you can select a server host that will run the PHP as a “cgi process” and phpSuExec configurations. It allows administrators to isolate each malicious script and manage them. Use PHP disable_functions to disable specific functions that can harm Joomla security. The code that you can use is disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open Control server File permissions to ensure that attackers can’t gain access to admin controls, especially you can restrict code change access. Setup a backup and recovery process to ensure that you don’t lose out on the key website data, and if there is a ransomware attack, information remains safe. Apart from the checklist, there are many Joomla security best practices that you can use to secure PHP and servers. Harden Your PHP Configuration PHP is the core of your Joomla website security, and that is why it becomesvital to harden its protection. One way to achieve high-level PHP security is by making specific changes in the php.ini of your Joomla website. Here are some best practices to follow, Hide PHP versions so that attackers are unaware of specific vulnerabilities in the underlying architecture for exploits. Whitelist specific directories through PHP configurations Disable error display to the end-user device. Disable PHP functions like Exec, passthru, shell_exec, system, proc_open, proc_close,proc_terminate, popen, curl_exec,curl_multi_exec, etc. Change the default database prefix Changing the default database prefix can help you prevent SQL injections which attackers use to gain access to super administrator privileges. All the latest versions of Joomla already do this during initial installation, but here are the steps to follow for changing the default database prefix for existing installations and to understand more about how to access the Joomla! database directly. Log in to your Joomla! backend and go to the global configuration Find a database option and change the database prefix to something random Now phpMyAdmin and access your database to export the default configurations Select all the code from your exported information and copy it on notepad Next, go to phpMyAdmin and delegate existing data Now, replace jos_ with your default database prefix in notepad Copy the code to your SQL in phpMyAdmin and run queries. Install a Digital Certificate A digital certificate is based on cryptographic encryptions ensuring secure communication between a browser and your website server. SSL or Secure Sockets Layer certificates help secure Joomla websites from attacks like Man in the middle attack(MITM). Apart from that, it also prevents code injections into your Joomla server. The best part about installing an SSL certificate is that it helps with higher search engine rankings for your Joomla! website. One of the critical aspects of Google’s guidelinesfor search engine optimization is the HTTPS protocol. SSL certificates allow your Joomla websites to enforce HTTPS protocol. Installation of individual SSL certificates for a multi-domain Joomla website can be costly. Fortunately, you can install a multi-domain SSL certificate that secures all the domains through a single certificate. While these Joomla security best practices help ensure your server and PHP, you need other measures to cope with extension vulnerabilities. Joomla Application Security Securing your Joomla web apps needs more than configuring the PHP right. It's not just about the server either, as you will be dealing with several extensions and templates which enhance customer experience. Keep your Joomla core up to date The first thing you should do is check that your instance is running the latest patch of Joomla. Official releases will update with new features and functional bug fixes, but more importantly patch security vulnerabilities. Keep extensions up to date After updating your Joomla core, check your third-party extensions. Vulnerable plugins are a common attack vector for adversaries targeting a CMS-based site. Remove unused and known-vulnerable extensions More third-party code means a larger attack surface. Frequently audit the plugins installed on your site by visiting the Extension Manager in Control Panel and remove any that aren’t in use. Audit privileged users Joomla allows three privileged user groups to access areas of the Control Panel: Managers — access to content creation features and system information in the backend Administrators — access to most administration functions but not Global options Super Users — access to all administration functions with complete control Enable two-factor authentication Two-factor authentication is an excellent defense measure which you should take advantage of, especially for privileged users who hold Manager, Administrator or Super User status. See our reference toAdminExile in the Extensions section below for ideas on how to do this. Monitor your site for malicious content Check the status of your Joomla site on a regular basis and take immediate action if issues are detected. When investigating a potentially compromised website, use the on-demand VirusTotal URL scanner to narrow down the manner of infection. Subscribe to Joomla’s official Security Announcements Joomla publishes vulnerability advisories on the Security Announcements page. Subscribe to email notifications via FeedBurner or add the RSS feed to your reader of choice to stay up-to-date with resolved issues in the core software. Extensions and template security Extensions and templates can be obsolete, deprecated, and have legacy vulnerabilities. So, it becomes essential to monitor for security patches that are released time and again for these extensions. Apart from that, you can use the approach of lean data access. Restrict access to data through these extensions and secure your Joomla websites. Here, you can use multi-factor authentications to ensure that the data access is secure. It is a security best practice where you validate the data access through multiple authentications. One example of multi-factor authentications is 2FA or two-factor authentications. Here, users need to verify their email address, password, and a separate passcode sent to their devices. Make Use of Web Application Firewalls (WAF) Web Application Firewalls to help secure your websites from different OWASP-defined malware, ransomware, and cybersecurity attacks. It helps monitor, filter, and block malicious traffic to your web application. Further, WAF can prevent unauthorized data access and secure information on the app. The best part of using a WAF is how you can customize it according to security needs. It adheres to your security policies and helps identify secure traffic. All of the above security best practices are a great way to secure your Joomla website, but you need to scan itregularly for sudden changes. Joomla Security & Vulnerability Detection Extensions Securitycheck by Texpaok is a modular interface designed to manage the entire extension quickly and easily with a firewall that has been tested against more than 90 SQL, LFI, and XSS attack patterns, and includes features such as IPv6 support, blacklist, whitelist and more. OWASP Joomla! Vulnerability Scanner is an open-source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployments. Implemented in Perl, this tool enables seamless and effortless scanning of Joomla installations, while leaving a minimal footprint with its lightweight and modular architecture. RSFirewall! was developed by RSJoomla!, to be used to protect your Joomla! website from intrusions and hacker attacks. It's backed up by a team of experts that are trained to be always up to date with the latest known vulnerabilities and security updates. Watchful Client is a webmaster toolbox that automates tasks such as creating website backups, scanning for signs of intrusion, and bulk-updating the extensions you trust. You can also scan your site for the use of security best practices, perform a deep scan to look for potential security threats, and generate website reports for your clients. The AdminExile Plugin has long been a favored and highly rated extension in the JED. AdminExile is a Joomla system plugin designed to secure access to the /administrator URL and prevent unauthorized access to the /administrator login form itself. AdminExile implements many different types of access control, including access keys, IPv4/6 Block/Allow Lists (IP and CIDR netmasks supported), Brute Force detection, front-end Restriction, ost Key Recovery, and stealth mode to prevent access by unauthorized actors. The Brute Force Stop plugin stores information on failed login attempts, so that when reaching a configurable number of such failed login attempts the attacker's IPaddress can be blocked. Monitor Site for Changes There are a number of resources at your disposal to identify something that has gone wrong on your Joomla website. In the event of a security breach, it is important to employ a tool such as integrity monitoring and auditing/alerts. Eyesight Eyesite scans your directory structures, storing the details of every file in a database table including the file date/time, size, and md5 checksum of the file. Every time Eyesite re-scans the directory structure, it re-calculates the md5 checksum of each file, and compares it to the one stored in the database. Eyesite is then able to detect any files in the directory tree that are new, changed, or deleted. If any changes are detected, Eyesite sends you an email. Mail Catcher Mail Catcher is a utility component for Joomla! that catches, logs and monitors emails sent in your site. It is useful for developers and administrators by monitoring and keeping track of all emails sent from Joomla site for debugging and administration purposes. Mail Catcher also tracks extensions that send emails regularly and frequently like newsletters or subscription systems, and will help you see if the emails were sent as intended. Integrity Monitoring Integrity checks are crucial when auditing your Joomla installation by giving you an early warning of an intrusion on your website. File Integrity Monitoring tools should be installed on a server where a baseline cryptographic checksum of the critical files and registry entries can be created and you’ll receive a notification if a file or record is modified. Consider using Samhain or OSSEC Syscheck or Tripwire Open Source for these tasks. Let us know if you’d like to see more on these topics. Auditing / Alerts Auditing tools provide visibility into user activity on the website. Some things the administrator should be questioning include: Who is logging in? Should they be logging in? Why are they changing that post? Why are they logging inwhen they should be sleeping? Who installed that plugin? Why are they taking that action? Logging activity is also extremely important which is why you must use a tool that logs and alerts you of any actions taken on your website, including: User authentication successes and failures User creation/removal File uploads Article and page creation Article and page publishing Extension installation Template modifications Settings modifications Protect phpMyAdmin Security PhpMyAdmin is a MySQL/mariadb administration application written in PHP that allows an admin to interact with the database through their web browser, greatly simplifying many common administrative tasks. Many admins choose to use phpMyAdmin to help with more advanced Joomla database functions. However, it is critical that you ensure access to the Joomla database is limited and protected with the best security settings. Here are a few tips you should know about to ensure you’re not allowing threat actors to subvert your Joomla security by attacking the database directly through a vulnerable phpMyAdmin configuration. Be sure you are using a digital certificate to encrypt access to your phpMyAdmin installation. Be sure you have protected phpMyAdmin with a password, and don’t allow direct root access. Change the default phpMyAdmin login URL to something only known to you. Restrict access to the phpMyAdmin application by IP addresses. Many of these options and parameters are set in the apache configuration included with the installation. Final Checks: Run a Security Scan If you want to ensure the Joomla website tweaking the configurations is not enough. You need to monitor the website and scan for vulnerabilities. Especially any new version update or addition of a feature can lead to unknown vulnerability. It can open a backdoor for attackers to execute cyberattacks. Another security best practice to secure the Joomla website is to conduct extensive penetrationtesting. A pen test helps ensure the resilience of systems against the penetrative force of different cyberattacks. There are many Joomla vulnerability scanners and pen test tools that you can use. Here are a few to get started. Security Check - protects your website for more than 90 attack patterns, and it has a built-in vulnerability check to test installed extensions for any security risk. Joomscan - finds known vulnerabilities of Joomla Core, Components, and SQL Injection, Command execution Many of these can be found in the Joomla Extensions Directory. Also, consider PHP code scanners and other more general web application security scanners. Conclusion As the number of internet users grows, the risks of a possible cyberattack become more prevalent. Joomla security will need more aggressive monitoring, altering and restricting the data access policies. The best practices we discussed here will help you overcome the security challenges of Joomla websites and ensure adherence to security policies. However, which best practices to use will depend on specific website requirements. . Ensure robust security for your Joomla website by implementing protective measures and best practices that effectively combat cyber threats.. Joomla Security, Website Protection, Cybersecurity Practices, CMS Security, PHP Configuration. . Brittany Day
Jun 07, 2022
•
102
security advisoryopen sourcesecurity solutionCrowdSec Bouncer for WordPress: Effective Protection Against Attacks
The CrowdSec team is expanding the capabilities of their open-source and free security solution by finalizing the release of its brand new application bouncer on the WordPress marketplace . This new bouncer is compatible for versions 1.0.x and beyond. Given that the vast majority of websites in the world are hosted on WordPress, this addition will improve CrowdSec's defense arsenal in its mission to defend the greatest number. . First steps This bouncer has been designed to protect WordPress-hosted websites from all kinds of attacks. To be able to use this blocker, the first step is to install CrowdSec v.1.0.x. Release v1.0.4 · crowdsecurity/crowdsec · GitHub The installation and configuration of the plugin can be done in a few clicks from the WordPress marketplace. Please note that first and foremost CrowdSec must be installed on a server that is accessible via the WordPress site. Remember: CrowdSec detects, bouncers deter. A step that is fortunately greatly facilitated by the solution's intuitive wizard. Within ten minutes your WordPress site will be protected from attacks by the user community, now spanning more than 70 countries and 400 cities. The “Flex mode” - a bulwark against false positives Thanks to the "Flex mode", it is impossible to accidentally block access to your site to people who don't deserve it. This mode makes it possible to never ban an IP but only to offer a Captcha, in the worst-case scenario. CrowdSec blends into your design When a user is suspected to be malevolent, CrowdSec will either send him/her a Captcha to resolve or simply a page notifying that access is denied. Please note that it is possible to customize all the colors of these pages in a few clicks so that they integrate best with your design. On the other hand, all texts are also fully customizable. This will allow you, for example, to present translated pages in your users’ language. The standard "Captcha wall" looks like this: Youwill be able to customize it as you feel like. Below is an example after having played a little with colors and texts: The right balance between performance and security By default, the "live mode" is enabled. The first time a stranger connects to your website, this mode means that the IP will be checked directly by the CrowdSec API. The rest of your user's browsing will be even more transparent thanks to the fully customizable cache system. But you can also activate the "Stream mode". This mode allows you to constantly feed the bouncer with the malicious IP list via a background task (CRON), making it to be even faster when checking the IP of your visitors. Besides, if your site has a lot of unique visitors at the same time, this will not influence the traffic to the API of your CrowdSec instance. If you've ever been confronted with high traffic, you are probably familiar with Redis or Memcached technologies. You have the capability to activate these caching technologies in the CrowdSec bouncer settings to guarantee invisible IP control on your site. CDN-friendly without forgetting other load balancers If you use a CDN, a reverse proxy or a load balancer, it is now possible to indicate in the bouncer settings the IP ranges of these devices in order to be able to check the IP of your users. For other IPs, the bouncer will not trust the X-Forwarded-For header. Coming up next Soon, the plugin will have a dashboard allowing you to visualize the activity of your bouncer in live. It will also be possible to connect directly to CrowdSec's global reputation database, without having to install an agent on your machine if you don't wish to. Widely tested, 100% open source This plugin has been tested on the vast majority of WordPress versions installed in the world (90%+), according to WordPress real-time statistics. It has also been tested on a very wide range of PHP versions (7.2, 7.3, 7.4 and 8), the language in which WordPress is coded. This plugin is released under MIT, themost permissive and free license in the world. Its source code is fully available on GitHub . Fortify your WordPress site with the latest CrowdSec bouncer to guard against a range of threats and ensure your online presence remains secure.. CrowdSec Bouncer, Open Source Security, Website Protection, Attack Prevention, WordPress Security. . Brittany Day
Apr 26, 2021
•
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
Discover faster search, smarter navigation, and deeper Linux security insights. Read More