Site Vulnerability Check

by jonboy   Last Updated September 07, 2019 08:10 AM

With the recent security announcement regarding SQL injection, I was wondering what I could do in order to 'review' my current Joomla sites, and ensure none of them have been compromised.

Apart from the obvious, upgrading to the latest release and ensuring all 3rd party components and plugins are up to date, and not on the vulnerable extensions list.

Is there some way I can scan or check my current sites to ensure there is no malicious code 'waiting' to do harm?

In the past, my shared hosting providers have sometimes contacted me, informing me that they have spotted some malicious code and that it should be removed ASAP. However, it would be good if I could conduct a similar review periodically.

Perhaps there are 3rd party components for this? Or is such a review not feasible?

Suggestions or help appreciated :)



Answers 2


The best tool I am aware of that can scan your whole web account is the one from Phil Taylor at https://mysites.guru (formerly https://myjoomla.com).

This is a paid service but you are not locked into a contract and can cancel at any time if you no longer need the service.

Another service provider that I know could do this for you is https://sucuri.net who appear to know their stuff.

There are likely other providers that offer the same type of service.

I am not aware of any free scanning extensions that can do this for you. Even if there were a free version, I'm not sure I'd trust the results compared to http://myjoomla.com or https://sucuri.net.

I am not associated with Phil Taylor or Sucuri but am a paid http://myjoomla.com subscriber and am very happy with the service which is constantly being improved.

These days http://myjoomla.com can also do remote backups, remote extension updates, automatic updates for some extensions (if you are into that sort of thing!) and also includes uptime monitoring etc., which are all really useful tools, especially if you are managing multiple websites.


Neil Robertson
December 16, 2015 12:56 PM

These are the tools I use

JOOMLA EXTENSIONS

Watchful.li: similar to myJoomla.com and also monthly https://watchful.li/

RSFirewall: Has the best scan for malware and files that do not belong in core Joomla install https://www.rsjoomla.com/joomla-extensions/joomla-security.html

Admin Tools Pro: good firewall and a PHP changes scan https://www.akeebabackup.com/products/admin-tools.html

TOOLS TO SCAN

https://sitecheck.sucuri.net/

https://www.google.com/webmasters/

STRONG HTACCESS

https://github.com/nikosdion/master-htaccess/blob/master/htaccess.txt

https://docs.joomla.org/Htaccess_examples_(security)

https://www.akeebabackup.com/documentation/admin-tools/htaccess-maker.html

YellowWebMonkey
December 17, 2015 20:00 PM
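
The answer above mentions scans for "files that do not belong in core Joomla install" and for PHP changes. The following is an added example, not part of the original answers and not the code of any product named there, showing the general idea as a periodic check you can run yourself. It assumes you have a known-good copy of the same Joomla release (for example the official package, extracted) to compare against; the function names and the sample files are made up for illustration.

```python
import hashlib
import os
import tempfile

def hash_tree(root):
    """Return {relative_path: sha256_hex} for every file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare_to_baseline(baseline_root, site_root):
    """Diff a live site against a known-good copy of the same release."""
    base, live = hash_tree(baseline_root), hash_tree(site_root)
    added = sorted(set(live) - set(base))
    return {
        "modified": sorted(p for p in base.keys() & live.keys() if base[p] != live[p]),
        "added": added,
        # Executable PHP that the baseline never shipped deserves review first.
        "added_php": [p for p in added if p.lower().endswith((".php", ".phtml"))],
        "missing": sorted(set(base) - set(live)),
    }

def write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed sample trees; file names and contents are made up."""
    with tempfile.TemporaryDirectory() as base, tempfile.TemporaryDirectory() as site:
        for root in (base, site):
            write(root, "index.php", "<?php // core entry point\n")
            write(root, "libraries/loader.php", "<?php // core loader\n")
        write(site, "libraries/loader.php", "<?php // core loader\n// edited\n")
        write(site, "images/banner.php", "<?php // not part of the release\n")
        write(site, "images/logo.png", "constructed image bytes")
        return compare_to_baseline(base, site)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

On a real site, expect legitimate entries under "added" (configuration.php, installed extensions, uploaded media), so the useful signal is a modified core file or a PHP file in a directory that should hold only media.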
