Most Content Management Systems (CMS’s) have a unique identifying login URL. For example, WordPress uses
for your admin login page. Because of this, hackers assume that is your login and can try to use this info, as well as the default username of admin. If you do not modify either of these, your potential risk for being hacked goes up exponentially. It is important that you select an administrative username that is unique to you or your business and create a secure password.
Our Cloud Sites platform is a cut above the rest. With its One-Click Installer, we take the pain out of creating websites, allowing you to focus on building out your website. Whether your CMS of choice is WordPress, Drupal, or Joomla, our Cloud Sites platform has streamlined the process of spinning up a new site. Setting up a new site is complicated, from adding administrators to uploading files and databases. We simplify all that complexity with our smooth-running installer. Our One-Click Installer quickly uploads and configures core files, so getting your site up with speed and ease has never been easier.
Installing WordPress, Drupal or Joomla on Cloud Sites using our One-Click Installer
To begin the process you will need to be logged into your Cloud Sites control panel. Once you’ve logged in you will be able to begin the process. If you do not have a Cloud Sites account you can order one from our Cloud Sites product page.
Create a Website: From your Cloud Sites Control Panel find and click the “Create Website” button.
Choose Your CMS: Select the drop box next to application to install the latest version of your chosen CMS.
Configurations: Fill in details of the site and click “Create New Application”. Three simple steps later, you have yourself a new site with time to spare.
And it’s just that simple: setting up a new website and CMS has never been so easy. No more having to build server infrastructure and no more installing the CMS software by hand. Our Cloud Sites platform will manage all of that for you; all you have to do is fill in a few blanks and hit “Create New Application”, and you’ll be on your way. If you’re a current Cloud Sites customer, give our rebuilt one-click CMS installer a try.
If you’re not a Cloud Sites customer yet, then never managing servers again is just $150/mo away. Our One-Click Installer is one of the many features offered within the Cloud Sites platform. Check out other ways to simplify your web hosting needs at our Cloud Sites product page. Once you sign up, you’ll be ready to start immediately, and getting your new site set up is just a few clicks away!
Joomla’s latest update addresses a critical remote command-execution vulnerability that has been actively exploited in the wild since at least Dec. 12, 2015.
The vulnerability affects every version of Joomla from 1.5 to 3.4.5, and Sucuri reported that nearly every site they checked had been targeted when Joomla 3.4.6 was released to address the issue.
CVE-2015-8562 was made public Dec. 12, 2015.
The vulnerability allows an attacker to remotely execute commands by exploiting Joomla’s method of writing session data to its database.
Every version of Joomla from 1.5 to 3.4.5 is vulnerable.
Joomla 3.4.6 has been released to address the vulnerability, and patches have been released for unsupported versions of the software.
As first reported by Sucuri, the vulnerability allows an attacker to exploit the way session data is processed before it’s stored in the database. In several reported cases, a PHP shell installed via the exploit has been used to modify core files, with one result being unwanted email (spam) sent from the server.
In line with Sucuri’s findings, we also noticed these attacks shortly after the updates were announced by the Joomla team. On a sample set of servers, we noted about 10 attack attempts per server by Dec 15. As of 2 p.m. on Dec. 16, that number was more than 50 attempts per server, and likely to keep increasing as attackers continue their efforts.
Liquid Web’s Fully Managed cPanel servers include our ServerSecure package by default, and were protected against various versions of this exploit by our ModSecurity rules. While this certainly is good news, it is not a reason to put off updating your software to the latest version.
Has Your Joomla Site Been Targeted?
To check whether your site was targeted by this attack, you can search for a specific string in your domain access logs.
On a cPanel server, the access logs for each domain are stored in /home/accountname/logs and /home/accountname/access-logs.
Alternately, the most recent logs for all domains on the server should be in the directory /usr/local/apache/domlogs/.
Once you have located the relevant log files, you can use the grep command to check them. For example, this command checks for attempts to exploit the Joomla vulnerability on sites under the cPanel account joe over the last day:
If any log entries are returned, then you’ll know your site has been targeted. Assuming that Joomla actually is installed on the targeted site, you should check for any recently updated files in the installation or scan it with a tool such as ClamAV or Linux Malware Detect (maldet).
Was Your Joomla Site Protected?
If your site was targeted and you are a Liquid Web customer, you can take the IP address(es) from the log output you found above and check them against Apache’s error_log to see whether the requests were blocked by ModSecurity. In this sample command, we’re checking the IP address 18.104.22.168:
If the log does show that ModSecurity blocked the requests, it is likely that your site was not breached. However, regardless of the result, you should proceed with updating your site as soon as possible.
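The two log checks described above, combined into one POSIX shell triage script. This is an added example, not the article's own commands; the indicator pattern (the `JDatabaseDriverMysqli` class name or a serialized-object marker, as publicly reported for this attack), the function names and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# ASSUMPTION: indicator strings as publicly reported for CVE-2015-8562 probes;
# they are not taken from this page. "O:<n>:" can also match unrelated text.
INDICATOR='JDatabaseDriverMysqli|O:[0-9]+:'

# suspect_ips ACCESS_LOG... -> "ip hits" for each client that sent a matching request
suspect_ips() {
    grep -hE "$INDICATOR" "$@" |
        awk '{n[$1]++} END {for (ip in n) print ip, n[ip]}' | sort
}

# modsec_denials ERROR_LOG IP -> number of ModSecurity denials logged for that client
# (matches "[client IP]" and the Apache 2.4 form "[client IP:port]")
modsec_denials() {
    awk -v ip="$2" 'index($0, "ModSecurity: Access denied") &&
        (index($0, "[client " ip "]") || index($0, "[client " ip ":")) {c++}
        END {print c+0}' "$1"
}

# triage ERROR_LOG ACCESS_LOG... -> "ip hits=N denied=M verdict"
# Counts are compared per IP only; a "blocked" verdict still means update the site.
triage() {
    error_log=$1; shift
    suspect_ips "$@" | while read -r ip hits; do
        denied=$(modsec_denials "$error_log" "$ip")
        if [ "$denied" -ge "$hits" ]; then verdict=blocked
        elif [ "$denied" -gt 0 ]; then verdict=partly-blocked
        else verdict=not-blocked; fi
        echo "$ip hits=$hits denied=$denied $verdict"
    done
}

# Constructed sample logs: documentation IP ranges, payloads omitted.
make_sample_logs() {
    cat > "$1/access.log" <<'EOF'
203.0.113.7 - - [16/Dec/2015:14:02:11 -0500] "GET / HTTP/1.1" 403 211 "-" "O:21:\"JDatabaseDriverMysqli\" (payload omitted)"
203.0.113.7 - - [16/Dec/2015:14:02:13 -0500] "GET / HTTP/1.1" 403 211 "-" "O:21:\"JDatabaseDriverMysqli\" (payload omitted)"
198.51.100.23 - - [16/Dec/2015:14:05:40 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "O:21:\"JDatabaseDriverMysqli\" (payload omitted)"
192.0.2.10 - - [16/Dec/2015:14:06:02 -0500] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF
    cat > "$1/error_log" <<'EOF'
[Wed Dec 16 14:02:11 2015] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [hostname "example.com"] [uri "/"]
[Wed Dec 16 14:02:13 2015] [error] [client 203.0.113.7] ModSecurity: Access denied with code 403 (phase 2). [hostname "example.com"] [uri "/"]
[Wed Dec 16 14:06:02 2015] [error] [client 192.0.2.10] File does not exist: /home/joe/public_html/favicon.ico
EOF
}

tmp=$(mktemp -d) && make_sample_logs "$tmp" && triage "$tmp/error_log" "$tmp/access.log"
rm -rf "$tmp"
```

On a real server, pass the domain's access logs and Apache's error_log in place of the sample files; any client reported as not-blocked on a site that runs Joomla warrants the file and malware checks described above.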
Resolution: Update or Patch Your Joomla Site
The process for protecting your Joomla site against the remote command-execution vulnerability depends on your Joomla version. You can check the current version by logging into your Administration panel. If the version number is not displayed at the bottom of the page in the footer, select Joomla! Update from the Components menu to see your current version.
Joomla 3 Sites Require an Update
If you have not done so already, back up your site and the site database now before proceeding, or check your automated backup solution to ensure that you have a recent backup from which you would be comfortable restoring the site if necessary.
Log into your Administration panel.
You should see a banner indicating that version 3.4.6 is available. If so, and if you have backed up your site and the site database, click the Update Now button to update to the latest version.
On the Update page, you are reminded to ensure that your installed extensions are available for the version you’re updating to. Once you have verified that, and have confirmed that you have a backup of the working site, click Install the Update to update Joomla.
Once complete, you will see a success page.
Now select Joomla! Update from the Components menu to confirm that you are on version 3.4.6 (occasionally, the update can fail to reflect the new version in the Update Success confirmation message).
Joomla 1.5 and 2.5 Sites Require a Patch
Users on unsupported versions are encouraged to consult with their developers about migrating to Joomla 3 so that they can receive all security updates.
However, due to the nature of this exploit, Joomla has chosen to make patches available for Joomla versions 1.5 and 2.5 to address this specific issue. The patches can be downloaded directly from Joomla at https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions. Applying the patch is as simple as replacing the existing session.php file which is included in the download.
It’s important to note that Joomla’s decision to release patches for unsupported versions of its software in this specific case is due only to the scope and impact of the current vulnerability, and does not mean that any future patches also will be released for legacy versions. Joomla continues to encourage users to migrate to the current version as soon as possible.
Connect to your site via FTP, SFTP as the cPanel user, or SSH as the cPanel user and navigate to libraries/joomla/session inside your site’s document root to locate the existing session.php file.
On a cPanel server where www.yourdomainname.com loads the main Joomla site, the file would be located in the directory /home/accountusername/public_html/libraries/joomla/session.
On a cPanel server where www.yourdomainname.com/blog loads the main Joomla site, the file would be located in the directory /home/accountusername/public_html/blog/libraries/joomla/session.
Now back up the existing session.php file on your server so that it can be restored if necessary. You can do that by simply renaming the existing session.php file on your server to something you’ll be able to remember later (you also could give the file a “.old” extension or add a period to the beginning of the file name.)
To finish, upload the session.php file you downloaded from Joomla to replace the one you renamed, and check that it has the same ownership and permissions.
Note: If you uploaded the file while connected to the server as root, the file itself will be owned by root. You may need to change its ownership and group to match the other files in the directory.
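The backup, replace and ownership steps above as one shell function, for use over SSH. This is an added example, not Joomla's or the article's own tooling; the function name `apply_hotfix` and the demo paths are hypothetical, and `chmod --reference` / `chown --reference` assume GNU coreutils.

```shell
#!/bin/sh
# apply_hotfix DOCROOT NEW_SESSION_PHP -> prints the path of the backup it made.
# Renames the existing session.php, installs the downloaded one, then copies
# the original file's permissions and ownership onto the replacement.
apply_hotfix() {
    target="$1/libraries/joomla/session/session.php"
    [ -f "$target" ] || { echo "no session.php under $1" >&2; return 1; }
    [ -s "$2" ] || { echo "hotfix file $2 is missing or empty" >&2; return 1; }
    backup="$target.old"
    if [ -e "$backup" ]; then               # never overwrite an earlier backup
        backup="$target.$(date +%Y%m%d%H%M%S).old"
    fi
    mv "$target" "$backup" || return 1      # the rename is the backup step
    if ! cp "$2" "$target"; then            # roll back if the copy fails
        mv "$backup" "$target"; return 1
    fi
    chmod --reference="$backup" "$target"
    chown --reference="$backup" "$target" 2>/dev/null ||
        echo "warning: could not match owner/group of $backup" >&2
    cmp -s "$2" "$target" || { echo "installed file differs from $2" >&2; return 1; }
    echo "$backup"
}

# Demo on a constructed tree in a temp directory (not a real site).
demo=$(mktemp -d); mkdir -p "$demo/site/libraries/joomla/session"
echo '<?php /* old */' > "$demo/site/libraries/joomla/session/session.php"
echo '<?php /* hotfix */' > "$demo/session.php"
apply_hotfix "$demo/site" "$demo/session.php"; rm -rf "$demo"
```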
Liquid Web offers a free Virtual Private Network (VPN) user with every account. A VPN uses encryption to secure your computer’s connection to the Internet and guarantees that all of the data you’re sending and receiving to the Liquid Web network is secured from any potential prying third parties.
A VPN will secure and encrypt inherently insecure communications (such as HTTP, FTP, SMTP, etc.) to the Liquid Web network, even while using an untrusted public network.
Who uses a VPN? People just like you.
The Professional: Whether working from a permanent home office, or simply getting a few important projects done from home, a VPN will provide secure access to files stored on your dedicated server.
Remote Developers: Do you have a fleet of remote WordPress, Joomla, PHP, Drupal, or other developers that need secure access to your hosting infrastructure? If so, a VPN is not only perfect, but should be required.
The World Traveler: Working on your top secret startup from abroad? Or perhaps uploading photos from your most recent adventure? Prevent snooping by using a VPN.