stackoom
  简体   繁体   中英

Auditing Joomla! 1.5 for system health and security?

 原文  2011-03-23 17:36:56       php/ security/ joomla/ joomla1.5/ joomla-extensions

Question

I have a Joomla! 1.5 client asking to do an audit of their install's health, SEO and security.

Joomla! Tool Suite / HISA doesn't exist anymore; are there any comparable extensions I could use?

If not, what are the main issues one must generally address when evaluating a Joomla! site's health and security?

Thanks!

1 answers

solution1
 4 ACCPTED  2011-03-23 18:33:58

I do not know about any software that helps analyze this for Joomla.

I can spend hours going over this..., here is the brief version ;-)

Health :

  1. Make sure client is updated with the latest version of Joomla 1.5 that includes all the latest fixes like: xss, sql injection, etc...
  2. Make sure PHP settings are in order
  3. Make sure MySQL settings are in order
  4. Over time database becomes slower because of "quick deletes"... therefore it needs to be cleaned (optimized) to make it work faster. Analyze and Optimize entire database or a table at a time with ANALYZE TABLE and OPTIMIZE TABLE

SEO :

  1. Use Google Webmaster Tools to help you understand details.
  2. Use Google Analytics to understand what kind of traffic you are getting.
  3. Check pages for titles/description and content written for the users and not search engines
  4. Make sure Search Engine Friendly URLs are used. If sh404 is used, make sure it's updated to latest version.

Security :

This one can get super complex, depending of the level of security, installed components and environment.

  1. Make sure database is accessible only by the localhost or webserver is external db is used and specific IPs. Do not allow "wildcard access" to the database.
  2. Restrict administrative screen (www.site.com/administrator) to specific list of IPS (modify administrator/index.php file) or protected it with somekind of plug-in like "jSecure".
  3. If 3rd party extensions are used that use file upload... inspect them to make sure file types are restricted by the server-side validation. Do not rely on the JavaScript to perform the validation.
  4. Make sure username: "admin" is not used.
  5. Make sure permissions are correct. 644 for config file, etc...

Other :

  1. Make sure gzip compression is used to reduce transfer size
  2. Make sure site is not too heavy. Use YSlow to analyze. If it is consider using plug-in like jFinalizer to combine multiple external files into 1 and gzip them to reduce transfer size
  3. Check number of images for regular page... a lot of websites use dozens of tiny images in CSS for pretty styles. This generates more request to the server and slows it down. Consider creating sprites.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Joomla 1.5 files security problems Better regex for security and auditing? Joomla 1.5 : How to find number of concurrent / active users in my joomla based intranet system Joomla 1.5 and Wincache Open SqueezeBox in joomla 1.5 Joomla 1.5 with Virtuemart 1.1.9 Joomla 1.5 password check Captcha for Joomla 1.5 and VirtueMart 1 jimport not working in Joomla 1.5 If (Author) statement in Joomla 1.5
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM