The "Dangerous user agent" notification explained

If you are finding entries in the component System logs regarding Dangerous user agent detected, this means that the component has successfully blocked an attack on your site, no further actions are required.

 

The component provides a filter to protect your installation against the critical vulnerability discovered by the Joomla! Security Strike Team. This vulnerability affects all Joomla! versions starting from 1.5 to 3.4.5 (including).

 

The vulnerability was caused by the way the session data was stored in the database, installations that were using the Session handler set to Database were open to this type of attack (you can find this setting by going to System > Global Configuration > System > Session settings). This allowed the injection of PHP code directly in database through the user agent.

 

The best way to protect yourself against this is to update to the latest version of Joomla! immediately (this has been fixed in the 3.4.6 release with a hardening patch added in 3.4.7)


14 persons found this article helpful.


Was this article helpful?

Yes No
Sorry about that

You Should Also Read

Warning open_basedir restriction in effect

I'm getting the 'Warning strtotime() [function.strtotime]' message