
Joomla Security Report

HackerTarget.com

HackerTarget.com is the world leader in online open source intelligence and security assessments. All scanning tools are on-line for easy and convenient access.

All HackerTarget.com Vulnerability Scan options are Free (limit of 4 / day)

Server / IP

Web Sites

Intelligence

CMS

Nmap Port Scan

WhatWeb Site Fingerprint

DomainProfiler

WordPress Scan

OpenVas Scan

SQL Injection Test

Fierce Domain Scan

Joomla Scan

SSL Check

Nikto Web Scan

Hosting Server Info

Drupal Scan

BlindElephant Scan

Professional Services

Security Scanning Membership: additional scanning ($7 / month or $49 / year)

Manual Security Assessment: professional assessment with full report (from $400 USD)

This report is autogenerated using various sources and scripts. No guarantee is made to the accuracy of the information found. See http://hackertarget.com for full Terms of Service.

Design and Layout is licensed under a Creative Commons Attribution 3.0 Unported License.


Table of Content


Joomla Site Info

Domain Reputation Check

Robots.txt found

Site Links and Scripts

External Site Links

Javascript links and Scripts found

Internal Site Links

Hosting Information for www.joomla.org

Websites sharing your IP

Appendix A : Additional Resources

The Basics

Advanced Security Testing

Further Information


This report is based on an automated security scan using passive data collection after crawling the nominated site.

It was generated on Mon Aug 8 19:48:06 2011


Joomla Site Info

Site URI: www.joomla.org/

Joomla Version: unknown. Advanced version fingerprinting can be done with blindelephant. Always ensure your Joomla software is up to date.

Web Server: Apache

X-Powered-By: PHP/5.3.6

MetaGenerator: Joomla! 1.5 - Open Source Content Management

Page Title: Joomla!

Domain Reputation Check

The site www.joomla.org has been checked against web reputation services.

Ref Service Site Check Result

Google Safebrowsing finds this site as safe: SAFE
Norton SafeWeb determines this site to be Safe: SAFE
MyWot has rated the site's trustworthiness as Excellent: 94


Robots.txt found

The robots.txt file is used to tell search engines to ignore parts of your site. It can also be used by attackers to find content you may not want to be public and other interesting directories.

raw file

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /media/
Disallow: /modules/
Disallow: /plugins/
Disallow: /templates/
Disallow: /tmp/
Disallow: /xmlrpc/


Site Links and Scripts

Links and scripts to external sites and unknown JavaScript may indicate the presence of malware or malicious scripting.

Examine the results below; linking to sites of poor reputation or malware can result in blacklisting by Google and other search engines.

External Site Links

Links to external sites, assessed for reputation


Javascript links and Scripts found

Google Analytics Account ID: UA-544070-3

Internally Linked Javascript

link

/media/system/js/caption.js
/media/system/js/mootools.js

Internal Site Links

The full site has not been crawled; these are the links from the main index page.



Hosting Information for www.joomla.org

The following details about the server and hosting provider have been discovered.

Domain: www.joomla.org
IP: 206.123.111.172
Organization: Colo4Dallas LP
AS Name: COLO4
ISP: COLO4DALLAS LP
City: Dallas
Country: United States

Websites sharing your IP

These sites have been found to be sharing the server's IP address.

link Google Safe Browse MyWOT Reputation

www.joomla.org SAFE 94


Appendix A : Additional Resources

Joomla is a stable and powerful content management system. A few simple steps can increase the security of the platform a great deal.

The Basics

* Back It Up - Be ready to lose it all at any time. If you have an up to date backup, restoring is much easier.

* Keep Joomla System up to date

* Keep all Plugins and Modules up to date

* Beware of untrusted Themes and Modules

* Rename admin account to a non-generic name

* Use strong passwords ( a dictionary word with a number after it is not a strong password! )

* Keep your password safe! Do not re-use it on other sites.

* Ensure you have up to date AV on your Windows Machine. Malware collects passwords.

* The underlying server must be well managed and in a secure state

* VPS or Dedicated server? Set up server monitoring (http://www.ossec.net is a good start)

Advanced Security Testing

This report has been generated using automated scripts and tools. While it provides a good overview of the general security of the site and any obvious problems, it is far from a comprehensive security assessment.

HackerTarget.com has a comprehensive security assessment offering that is in effect a simulated hacker attack against the target system. This assessment by its nature is much more aggressive than the automated review you are looking at now, and provides a full report with any security holes found along with recommendations for increasing the security of the system.

Alternatively, there is a collection of security tools available for free and online for testing at HackerTarget.com.

Further Information

There are a thousand and one guides for Drupal security tips. Some of the best information is from the source.
