Protection against a critical Joomla < 3.6.5 security bug

The authors of the Joomla software announced that Joomla versions 1.6.0 through 3.6.4 have a critical security bug that allows “hackers” to take over a site (CVE-2016-9838).

The best solution for Joomla users is to update to version 3.6.5 immediately. However, we also added a security rule to our servers this evening to block this attack, based on an initial analysis.

The rule works by blocking attempts to register new Joomla users that contain certain kinds of invalid data; it allows only “expected” data. This could mean that if you’ve modified your Joomla user registration page in some unusual way, it might be incorrectly blocked. We’ll keep an eye out for this potential problem; don’t hesitate to contact us if you have any trouble.