Introducing Audit My Joomla from joomla-security.com. Audit My Joomla is a unique tool. For the first time in the Joomla world you can now audit your website and clean up after your site has been hacked, cracked or exploited. You may have been to the Joomla documentation site and read the security checklist. Many people find that their websites were exploited yesterday but only defaced today. You still run the risk of not removing the hacker’s backdoors, and this is where the security tool Audit My Joomla reaches the parts that other tests can’t reach.

Once you’ve entered your details, click get started. Let’s give your site a name we’re going to recognise, then enter the full domain name and finally click on add. Now we need to create what is called a connector. Once it’s created, click download now and save it to your computer.

Now we’re ready for step 2: installing the connector on your site. Click on this link to open up your site administrator and log in. Once logged in, install it as you would any other extension, then return to the audit tool and we can see that it already knows it is done.

We now need to test the connection between the audit and our website. Once the connection has been tested, we go to the page where we can start the actual audit. Because the audit will take some time, we can have it set to email us or send us a direct message on Twitter as soon as the audit is complete. Depending on your server and the size of your site, these tests can take between five minutes and perhaps even an hour.

Now that the audit is complete, it’s time to review exactly what has been tested and what has been found.
You will see a very long list of all the things that have been tested, together with their results. Some things will be marked as OK, others will be marked as problems and some will be marked as warnings. In addition, you can see all the new features that will be coming soon for additional tests.

Here we can see that the audit is indicating four problems have been found with the folder permissions. If we click on the spanner, we can see that the audit tool has discovered the following folders with 777 permissions. This is generally considered to be insecure; we can fix it very easily by clicking on the big blue button saying “fix permissions now”. The audit tool retests the permissions and confirms that there are no longer any 777 permissions.
Let’s go back to the results and we can carry on. We can now see under the files section that the audit test has discovered one file with suspect or malicious content. Again, click on the spanner and we can see the file listed here. You should note there may well be false positives on this list. Let’s have a look and see what’s happened. To begin with, we can just click on view suspect lines. That looks very wrong to me, but let’s just double check by viewing the entire file. Now that I can see the entire file, I can see that it is completely encrypted and clearly does not belong on my website. Now we can just simply delete the file.
We can now see a problem with some file permissions. Once again the audit tool has discovered the following files with 777 permissions, which you can fix with the big blue button.

Here in the user accounts we can see it has discovered that my website has an account with the username admin. This time the tool will actually let me change my username from admin to a more random name with a more secure password. And I can accept these changes by clicking on the big button.
Finally, I can see under database integrity that my website is using the default database prefix of jos_. This is a known value and is not considered to be good practice. Here the audit tool confirms that the prefix being used on my site is jos_, suggests a more secure randomised prefix and allows me to change it by clicking on the button.

With Audit My Joomla from joomla-security.com you have a suite of amazing tools that are going to make your Joomla experience safer and more secure. It will identify issues with your site you never knew you had and give you the tools to make even the most technical of changes easy. Best of all, your first audit is free.
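
The folder-permission, suspect-file and database-prefix checks from the walkthrough, reproduced as a small local script. This is an added example, not Audit My Joomla's own code; the two regex signatures, the function names and the sample site are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# Assumed heuristics: obfuscated-PHP wrapper calls and Joomla's default table prefix.
SUSPECT = re.compile(rb"(eval|assert)\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)
PREFIX = re.compile(rb"\$dbprefix\s*=\s*['\"]jos_['\"]")

def audit(root):
    """Report 777 paths, suspect PHP files and a default jos_ prefix under root."""
    report = {"mode_777": [], "suspect": [], "default_prefix": False}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # symlink modes are meaningless; do not follow them
            rel = os.path.relpath(path, root)
            if (mode & 0o777) == 0o777:
                report["mode_777"].append(rel)
            if not (stat.S_ISREG(mode) and name.endswith(".php")):
                continue
            try:
                data = Path(path).read_bytes()
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if SUSPECT.search(data):
                report["suspect"].append(rel)  # may be a false positive: review it
            if rel == "configuration.php" and PREFIX.search(data):
                report["default_prefix"] = True
    return report

def build_sample(root):
    """Constructed sample site: a 777 folder, an obfuscated file, the default prefix."""
    files = {
        "configuration.php": b"<?php class JConfig { public $dbprefix = 'jos_'; }\n",
        "cache/x.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>\n",
    }
    os.mkdir(os.path.join(root, "cache"))
    for rel, body in files.items():
        Path(root, rel).write_bytes(body)
    os.chmod(os.path.join(root, "cache"), 0o777)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit(tmp))
```

Run `audit()` against a copy of the site's document root; every entry under `suspect` still needs the manual look at the whole file that the walkthrough shows before anything is deleted.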