The System Check is an on-demand scanner that performs an extensive scan of your Joomla installation. This scanner verifies the following items:
- System version: checks whether you are running the latest versions of RSFirewall! and Joomla!. If newer versions have been released, it also provides a download link to the specific patch;
- File integrity: checks whether the Joomla! core files have been altered in any way. Each file is compared against a pre-calculated hash recorded for every Joomla! release starting with version 1.5.3. Modified files are listed individually together with their path. The File integrity check is not only a detection tool: it also offers a repair mechanism that attempts to restore the original file. Bear in mind that a hash mismatch only proves the file differs from the pristine release; a legitimately patched file and a backdoored one look the same to this check, so review the difference before repairing;
- Folder permissions: checks whether the folders in your Joomla! installation have the recommended read/write permissions. Any folder that fails the test is listed individually with its path. A repair tool is provided here too; however, because of restrictions that may exist on your server, it may or may not succeed. All folders with permissions higher than 755 (owner rwx, group and others rx) are highlighted;
- File permissions: all files with permissions higher than 644 (owner rw, group and others r) are highlighted;
- Malware patterns: checks files for patterns typical of PHP web shells and checks them against a list of known malware files. Malware, short for malicious software, is software designed to infiltrate or damage a computer system without the owner's informed consent;
- File and folder access: tests whether sensitive files are accessible to unauthorized users. It essentially incorporates the following actions:
  - checks if the Joomla! temporary folder is outside the public web root (public_html)
  - checks if the log folder is outside the public web root
  - checks if any files have been left in the Joomla! temporary folder
  - checks the integrity of your configuration.php file
  - checks if configuration.php is outside the public web root
- PHP configuration: checks for security flaws in the general PHP configuration. The following items are checked:
  - register_globals: a boolean PHP option that controls whether the EGPCS (Environment, GET, POST, Cookie, Server) variables are registered as global variables. With it enabled, an attacker can pre-set any variable that a poorly written Joomla! extension fails to initialise, simply by supplying it as a request parameter. It should be Off (the option has been removed entirely since PHP 5.4);
  - safe_mode: was designed to further increase security; however, due to its buggy nature it can turn against the owner. It has been removed since PHP 5.4 and should not be relied upon;
  - allow_url_fopen: enables the URL-aware fopen wrappers, which let PHP access URL objects like files. Default wrappers are provided for remote files over the ftp or http protocol, and some extensions, such as zlib, register additional wrappers. Combined with allow_url_include (or on its own in PHP versions before 5.2, which had no separate allow_url_include setting), this lets an attacker include his own PHP scripts in your Joomla! website, ultimately taking control of the web server;
  - allow_url_include: allows the URL-aware fopen wrappers to be used with include(), include_once(), require() and require_once(), thus enabling an attacker to include his own PHP scripts (remote file inclusion). Keep it Off;
  - disable_functions: a comma-separated list of PHP functions that are disabled. It is recommended to disable: show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open;
  - open_basedir: restricts the files PHP may open to the specified directory trees only.
- User information: checks whether the default "admin" username is still in use and whether the usernames and passwords offer a good level of security against brute-force attacks.
- Jumi Check: verifies if you have a vulnerable version of Jumi installed on your site.
- Joomla! Configuration: checks for security flaws in your Joomla! Global Configuration panel. The following checks are made:
  - Search Engine Friendly URLs: with SEF enabled, the "option=com_..." component parameter no longer appears in your URLs, so your site does not show up in Google searches for a vulnerable extension. An attacker could otherwise search Google with the syntax "inurl:option=com_dummy" and target every site that has that extension installed. Note that SEF only hides the extension name; it does not fix the vulnerability, so keep your extensions updated as well;
  - Session lifetime: if you set your session lifetime too high, an unattended logged-in session remains usable by whoever reaches the computer, or by anyone who obtains the session cookie. Keep the lifetime low so that the session expires soon after you leave your computer;
  - FTP password: if you store your FTP password in the Global Configuration, it is saved in clear text in configuration.php and your FTP account is exposed. Anyone who can access the Global Configuration, or read that file, can retrieve the password and log in to your FTP account.
Each of these items has a score that RSFirewall! uses to compute an overall security grade, so you can get an idea of how secure your website is and take the necessary measures to improve it.
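The PHP configuration checks and the Joomla! Global Configuration checks (temporary and log folder location, configuration.php location, SEF, session lifetime, stored FTP password) are all decisions over a handful of settings, so they can be shown together. The following is an added example, not RSFirewall!'s code: it parses a constructed php.ini fragment and a constructed configuration.php, and reports the weak settings. The 15-minute session threshold, the web-root layout and the wording of the findings are assumptions made for the example.

```python
"""Added example (not RSFirewall! code): the PHP-configuration and Joomla!
Global Configuration checks described above, reimplemented over two constructed
samples, a weak setup and a hardened one. The 15-minute session threshold, the
web-root layout and the findings wording are assumptions for the example."""
import posixpath
import re

RECOMMENDED_DISABLED = {"show_source", "system", "shell_exec", "passthru",
                        "exec", "phpinfo", "popen", "proc_open"}
# PHP's built-in default when a directive is absent from php.ini: allow_url_fopen
# defaults to On, register_globals and allow_url_include default to Off.
PHP_DEFAULTS = {"allow_url_fopen": "On"}

def parse_ini(text):
    """Minimal php.ini reader: 'key = value' lines, ';' comments, [sections] ignored."""
    values = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line or line.startswith("["):
            continue
        key, _, val = line.partition("=")
        values[key.strip().lower()] = val.strip().strip('"')
    return values

def ini_on(values, key):
    """PHP treats On/1/True/Yes as enabled and anything else as off."""
    return values.get(key, PHP_DEFAULTS.get(key, "Off")).lower() in {"on", "1", "true", "yes"}

def parse_jconfig(text):
    """Pull the public $name = 'value'; members out of a Joomla! configuration.php."""
    return dict(re.findall(r"public\s+\$(\w+)\s*=\s*'([^']*)'", text))

def inside_webroot(path, webroot):
    """True when path is the web root itself or lies beneath it (string-level check)."""
    path, webroot = posixpath.normpath(path), posixpath.normpath(webroot)
    return path == webroot or path.startswith(webroot + "/")

def audit_php_ini(ini_text):
    v = parse_ini(ini_text)
    findings = []
    for directive in ("register_globals", "allow_url_fopen", "allow_url_include"):
        if ini_on(v, directive):
            findings.append(f"{directive} is On")
    disabled = {f.strip() for f in v.get("disable_functions", "").split(",") if f.strip()}
    missing = sorted(RECOMMENDED_DISABLED - disabled)
    if missing:
        findings.append("disable_functions misses: " + ", ".join(missing))
    if not v.get("open_basedir"):
        findings.append("open_basedir is not set")
    return findings

def audit_joomla(config_text, config_path, webroot, max_lifetime=15):
    c = parse_jconfig(config_text)
    findings = []
    for key in ("tmp_path", "log_path"):
        if inside_webroot(c.get(key, ""), webroot):
            findings.append(f"{key} is inside the web root")
    if inside_webroot(config_path, webroot):
        findings.append("configuration.php is inside the web root")
    if c.get("sef") != "1":
        findings.append("SEF URLs are disabled")
    if int(c.get("lifetime") or 0) > max_lifetime:
        findings.append(f"session lifetime {c['lifetime']} min exceeds {max_lifetime}")
    if c.get("ftp_pass"):
        findings.append("FTP password is stored in configuration.php")
    return findings

# Constructed samples (not taken from any real server).
WEBROOT = "/var/www/site/public_html"
WEAK_INI = """[PHP]
register_globals = On
allow_url_include = On
disable_functions =
; allow_url_fopen left at PHP's default (On); open_basedir not set
"""
HARDENED_INI = """[PHP]
register_globals = Off
allow_url_fopen = Off
allow_url_include = Off
disable_functions = show_source,system,shell_exec,passthru,exec,phpinfo,popen,proc_open
open_basedir = /var/www/site:/tmp
"""
WEAK_CONFIG = """<?php class JConfig {
    public $sef = '0'; public $lifetime = '120'; public $ftp_pass = 'hunter2';
    public $tmp_path = '/var/www/site/public_html/tmp'; public $log_path = '/var/www/site/public_html/logs';
}"""
HARDENED_CONFIG = """<?php class JConfig {
    public $sef = '1'; public $lifetime = '15'; public $ftp_pass = '';
    public $tmp_path = '/var/www/site/tmp'; public $log_path = '/var/www/site/logs';
}"""

if __name__ == "__main__":
    print("weak:", audit_php_ini(WEAK_INI) + audit_joomla(WEAK_CONFIG, WEBROOT + "/configuration.php", WEBROOT))
    print("hardened:", audit_php_ini(HARDENED_INI) + audit_joomla(HARDENED_CONFIG, "/var/www/site/configuration.php", WEBROOT))
```

Two design points worth noting: an absent allow_url_fopen line is reported as On, because that is PHP's compiled-in default, so a php.ini that simply never mentions it is not safe; and the path checks are purely textual, so on a real server you would resolve symlinks with os.path.realpath first, otherwise a tmp folder symlinked from outside the web root back into it would pass.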
Watch the video tutorial
Ep. 11 - RSFirewall! - Joomla! Security Scanner