Protection against a critical Joomla security bug

Posted October 22nd, 2015 in System Status, Tech Corner. Tags: , , , .

The authors of the Joomla software announced today that every version of Joomla between 3.2.0 and 3.4.4 has a critical security bug that allows hackers to take over a site (the bug is known as “CVE-2015-7857”).

The best solution for Joomla users is to update to version 3.4.5 immediately. However, we’ve also added a rule to our servers to protect our customers until they do this. The rule should ensure that if you use our hosting service, “hackers” won’t be able to take advantage of this bug.

A mod_security rule

Again, we’ve already applied a blocking rule to our servers, so our hosting customers are protected. But if you’re a technician who runs a server that hosts Joomla sites for other people, you should consider adding a mod_security rule to block it. Here’s a simple one:

SecRule ARGS:option "^com_contenthistory$" "deny,chain"
SecRule ARGS:view "^history$" "chain"
SecRule ARGS_NAMES "select"

This rule blocks all requests (both GET and POST) where all three of the following are true: option=com_contenthistory, view=history, and the SQL keyword select appears in a variable name.

  1. Recent Posts

    1. PHP versions 8.1.28, 8.2.18, and 8.3.6
    2. PHP versions 8.2.17 and 8.3.4
    3. President’s Day 2024 holiday hours
    4. PHP versions 8.1.27 and 8.2.15
    5. Martin Luther King, Jr. Day 2024 holiday hours
    6. New Year’s 2024 Holiday Hours
    7. Christmas 2023 Holiday Hours
    8. Brief scheduled maintenance December 16-17, 2023
    9. Thanksgiving 2023 Holiday Hours
    10. PHP versions 8.1.25 and 8.2.12

  2. Categories

  3. Tags

    all servers email holiday hours linux mailman maintenance mod_security mysql network php phpmyadmin security server updates spam ssl status updates webmail wordpress zapp

  4. Feeds