SBM Labs

Cyber Security Collaboration Project

Protection of CMS Joomla administration panel
30 Mar 2014

Several steps are needed to protect the administration panel of CMS Joomla.

1. Brute-force protection.

Install the plugin authentication_captcha and enable it.

2. Change the default URL of the administration panel.

Install the free component jSecure Lite. It allows access to the administration panel only after the correct secret key is sent in the GET request; otherwise the visitor is redirected to the page specified in the configuration settings.

3. Set up a honeypot for the hacker.

First of all, set up a redirect (Custom Path) to the address administrator/ for the case of a wrong secret key. Then add a mod_rewrite rule to the .htaccess file. For example,

RewriteCond %{QUERY_STRING} !secretKey
RewriteRule ^administrator/$ honeypot/administrator/index.php [L]

As a result, the page http://site_name/administrator will be redirected to the fake administration panel page.

Example of the file honeypot/administrator/index.php:

<?php
// Honeypot endpoint: GET shows the fake login page, POST records the attempt.
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
    include('fake_admin_panel.html');
}
else {
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // One line is appended to attacker.log per login attempt.
        $file = "attacker.log";
        // Fields missing from the request are logged as empty strings instead of raising notices.
        $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $username  = isset($_POST['username']) ? $_POST['username'] : '';
        $password  = isset($_POST['passwd']) ? $_POST['passwd'] : '';
        $message = date('Y-m-d H-i-s') . " clientAddress=\"" . $_SERVER['REMOTE_ADDR'] . "\" clientAgent=\"" . $userAgent . "\" clientUsername=\"" . $username . "\" clientPassword=\"" . $password . "\"\r\n";
        file_put_contents($file, $message, FILE_APPEND | LOCK_EX);
    }
    // Any non-GET request ends on the fake "wrong credentials" page.
    include('fake_admin_panel_auth_error.html');
}
?>

Important! The pages fake_admin_panel.html and fake_admin_panel_auth_error.html must look real.

In case of a brute-force attack you can find all the hacker's attempts in the log file attacker.log.
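To turn the honeypot log into a detection, the lines in attacker.log can be parsed and grouped per client address, flagging any source that makes several attempts within a short window. This is an added example written for this post, not code from the original; the log format is the one produced by the honeypot above, and the parser assumes (as the honeypot writes the values unescaped) that no field value contains a double quote. The sample log is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# One log line = "Y-m-d H-i-s" timestamp followed by key="value" pairs.
LINE_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}-\d{2}-\d{2}) (.*)$')
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample of attacker.log (not real data): one noisy client, one single attempt.
SAMPLE_LOG = """\
2014-03-30 10-00-01 clientAddress="203.0.113.7" clientAgent="Mozilla/5.0" clientUsername="admin" clientPassword="123456"
2014-03-30 10-00-02 clientAddress="203.0.113.7" clientAgent="Mozilla/5.0" clientUsername="admin" clientPassword="password"
2014-03-30 10-00-03 clientAddress="203.0.113.7" clientAgent="Mozilla/5.0" clientUsername="administrator" clientPassword="admin"
2014-03-30 10-00-04 clientAddress="203.0.113.7" clientAgent="Mozilla/5.0" clientUsername="admin" clientPassword="joomla"
2014-03-30 10-05-00 clientAddress="198.51.100.20" clientAgent="curl/7.35" clientUsername="admin" clientPassword="admin"
"""

def parse_line(line):
    """Return a dict with 'time' (datetime) plus the key/value fields, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"time": datetime.strptime(m.group(1), "%Y-%m-%d %H-%M-%S")}
    rec.update(FIELD_RE.findall(m.group(2)))
    return rec

def summarize(log_text, threshold=3, window_seconds=60):
    """Group attempts per client address; a source is marked brute_force when it makes
    at least `threshold` attempts within any span of `window_seconds`."""
    per_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and "clientAddress" in rec:
            per_ip[rec["clientAddress"]].append(rec)
    report = {}
    for ip, recs in per_ip.items():
        times = sorted(r["time"] for r in recs)
        # Sliding window over the sorted timestamps: compare attempt i with attempt i+threshold-1.
        flagged = any(
            (times[i + threshold - 1] - times[i]).total_seconds() <= window_seconds
            for i in range(len(times) - threshold + 1)
        )
        report[ip] = {
            "attempts": len(recs),
            "usernames": sorted({r.get("clientUsername", "") for r in recs}),
            "brute_force": flagged,
        }
    return report
```

The report deliberately omits the captured passwords; they stay in the log file only.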
