RSJoomla! Blog - tutorials, tips & updates about security

The Joomla! Developer Team has announced the availability of two new Joomla! versions (1.7.2 and 1.5.24), both fixing several medium security issues detected in previous releases.

The RSFirewall! source code has been updated with Joomla! 1.7.2 and 1.5.24 hash files as well.

 

We’ve released today a new RSForm! version (1.0.6) with several security fixes, due to some medium-level vulnerabilities (SQL and LFI injections), that affect the previous revisions.

The new release comes also with some fixes and code optimization listed below:

• Replaced deprecated PHP5 functions
• Fixed - Removed legacy Joomla! functions
• Fixed - Rewrote several SQL queries to increase performance
• Fixed - 500 Errors when email was not correctly set
• Fixed - CSV added an extra comma at the end of every line

We keep RSFirewall! inline with the evolving attacking methods, thus we’re releasing this new revision - 18, with improved XSS (Cross-site scripting ) and LFI (local file inclusion) detection methods.

Updated XSS detection

In the new revision, RSFirewall! relies on an increased range of XSS filtering and uses extra triggered actions to block XSS attacks. The attacks are automatically blocked.

Why is important to protect your Joomla! website by XSS attacks?

XSS attacks affect the end user, not the website itself because of the improperly variable validation in web applications, thus allowing to run arbitrary code (JavaScript, HTML, Flash, etc) on the user computer.

Starting with RSFirewall! rev. 15, we have introduced a new Active Scanner option :
user-agents check for common malware user agents.

Basically, when the Active Scan runs (is enabled from the RSFirewall! configuration), it will look for automated scripts meant to scan websites for vulnerabilities. These will be detected with the help of user agents and will be blocked and reported into the log.

The option is active by default, but if you don't want to perform this task you can disable it from Firewall! Configuration:
Components - > RSFirewall! -> Firewall Configuration -> RSFirewall! Active Scanner.

Check user agents for common malware:

Today we've released RSFirewall! Revision 9, which contains a new feature: it cleans the backdoored versions of Jumi from your website. You can read the changelog here.

Jumi is a very popular Joomla! component, some of our customers being already affected by this backdoor - so we added this security measure as an extra protection layer to keep our customers' websites safe.

As usual, we advise you to run the System Check and follow the on-screen instructions to obtain a better security rating on your website, keep passwords safe and always be up to date with the latest software versions and the latest threats.