Protection against a critical Joomla security bug

The authors of the Joomla software announced today that every version of Joomla from 3.2.0 through 3.4.4 has a critical security bug that allows hackers to take over a site (the bug is known as “CVE-2015-7857”).

The best solution for Joomla users is to update to version 3.4.5 immediately. However, we’ve also added a rule to our servers to protect our customers until they do this. The rule should ensure that if you use our hosting service, “hackers” won’t be able to take advantage of this bug.

A mod_security rule

Again, we’ve already applied a blocking rule to our servers, so our hosting customers are protected. But if you’re a technician who runs a server that hosts Joomla sites for other people, you should consider adding a mod_security rule to block it. Here’s a simple one:

SecRule ARGS:option "^com_contenthistory$" "deny,chain"
SecRule ARGS:view "^history$" "chain"
SecRule ARGS_NAMES "select"

This rule blocks all requests (both GET and POST) where all three of the following are true: option=com_contenthistory, view=history, and the SQL keyword select appears in a variable name.
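To see exactly which requests the three chained conditions match, here is an added Python model of the rule run over constructed sample requests (example code written for this post, not from the original article or the ModSecurity project). It assumes, as ModSecurity does, that the ARGS collection is the URL-decoded union of query-string and POST-body parameters.

```python
import re
from urllib.parse import parse_qsl

# The three chained SecRule checks: the first two are anchored regexes on a
# whole value, the third is an unanchored, case-sensitive regex on arg names,
# exactly as the rule in the post is written.
OPTION_RE = re.compile(r"^com_contenthistory$")
VIEW_RE = re.compile(r"^history$")
NAME_RE = re.compile(r"select")


def collect_args(query_string, post_body=""):
    """Equivalent of ModSecurity's ARGS: GET and POST parameters together,
    URL-decoded, kept as (name, value) pairs so repeated names survive."""
    pairs = parse_qsl(query_string, keep_blank_values=True)
    pairs += parse_qsl(post_body, keep_blank_values=True)
    return pairs


def should_block(query_string, post_body=""):
    """True only when all three chained conditions hold for one request."""
    args = collect_args(query_string, post_body)
    option_hit = any(n == "option" and OPTION_RE.search(v) for n, v in args)
    view_hit = any(n == "view" and VIEW_RE.search(v) for n, v in args)
    name_hit = any(NAME_RE.search(n) for n, _ in args)
    return option_hit and view_hit and name_hit


# Constructed sample requests (not real traffic): (query string, POST body).
SAMPLES = [
    ("option=com_contenthistory&view=history&select=1", ""),      # blocked
    ("option=com_contenthistory&view=history", "select=1"),       # blocked: POST args count too
    ("option=com_contenthistory&view=history&ordering=1", ""),    # allowed: no "select" in a name
    ("option=com_content&view=history&select=1", ""),             # allowed: different component
    ("option=com_contenthistory&view=history&SELECT=1", ""),      # allowed: the regex is case-sensitive
]

if __name__ == "__main__":
    for qs, body in SAMPLES:
        print("BLOCK" if should_block(qs, body) else "allow", qs, body)
```

The last sample shows that the `ARGS_NAMES` check as written is case-sensitive; if you want it to ignore case, add the `t:lowercase` transformation to that third SecRule.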