How to protect your site from latest Joomla! vulnerabilities

in RSFirewall! on 17 Dec 2015 having 2 comments

Joomla! recently announced 4 core vulnerabilities regarding the user password reset system. The problems were quickly resolved and so, a Joomla! system update was provided along with details about the vulnerabilities.

Congratulations to the Joomla! Team for it’s fast response and solution.

The security vulnerabilities:
  • Crucial: Core - Remote Code Execution (affecting Joomla 1.5 through 3.4.5)
  • Core - CRSF Hardening (affecting Joomla 3.2.0 through 3.4.5)
  • Directory Traversal (affecting Joomla 3.2.0 through 3.4.5)
  • Directory Traversal (affecting Joomla 3.4.0 through 3.4.5)

If you would like to learn more about this, have a look at the Joomla! 3.4.6 release announcement.

Don’t think that this is something Joomla! specific - a similar hack has been applied for Wordpress installations as well. This involves the lack of support of MySQL’s utf8_general_ci collation for 4 byte UTF-8 characters.

Good news for RSFirewall! users: RSFirewall! was quickly updated to protect you from such threats and potential attacks. We introduced a new active scanner option that would detect and block such hacking attempts. No additional configuration required. Just make sure that you are using the 2.9.2 version.

Our advice?

Keep your Joomla! and RSFirewall! security extension up to date constantly. Both can be easily updated and are constantly improved for your benefit. Stay safe!

Get your RSFirewall! now with a 20% discount coupon for purchases! (Available until 20 December)

Note: Expired subscriptions can be renewed with a 30% discount (this discount is applied automatically).

Subscribe to our blog

Found this article interesting? Subscribe to our blog for more.

Alexandru Plapana - 18.12.2015 (02:53:45)

Patches are being provided for all Joomla! versions (1.5 upwards), but RSFirewall! will protect your sites on both Joomla! 3.x and 2.5 installations.


John Lay - 17.12.2015 (14:01:23)
RS Firewall

I was curious if RS Firewall will help with the security vulnerability in Joomla 2.5?

I updated all my joomla 3.0 sites to latest version of 3.4.6. But what is the solution for Joomla 2.5 sites?


1000 Characters left