Joomla Tools Suite - Part 2 (Diagnostics)
Part 1 deals with the Health and Security Audit Tool
This second tool allows you to verify whether your Joomla installation is up to scratch: whether any files are missing, or whether any files have been corrupted (during transfer), modified by a hack, or modified by the installation of a 3rd party component.
This tool is also available as a standalone tool. It works as follows. It contains two main files:
- Joomla file listing txt file. There is a different version of this file for each Joomla version, and you need to use the version which is appropriate for your Joomla installation. This is because it contains a listing of each file, and the files are obviously different for each version of Joomla.
- diagnostics.php - this is the file which actually goes through your site and (using the text file above) verifies whether a file is missing or different from the original file (i.e. there has been some kind of change)
Files Changed or Altered
By accessing the diagnostics.php file, you will know whether there have been any changes in the original files. If changes have happened they are usually for one of the following reasons:
- Corruption of the file during file transfer. If your FTP client gets disconnected during file transfer, resuming a file may corrupt the file without warning.
- Intentional developer modification. Sometimes the original files are deliberately modified to change original functionality to suit your needs. E.g. the search hack modifies the original Joomla file code. This will result in the diagnostics tool giving you a warning. 3rd party components may also deliberately change original files to enable certain functionality. Examples of 3rd party files which change core Joomla code are forum bridges and page caching components.
- Hacked website. Some hackers may be able to change your code. This may be to insert malicious code, or just to deface your site. In any case, the files have been changed.
If any of the three cases apply to any particular file in Joomla, you will get a warning from the diagnostics tool as shown in the screenshot below.
What you should do:
If you don't recall changing any files, you should check whether any components you installed actually change the code. This should be clearly documented, and in any self-respecting component should be easily reversible. In this case you don't have to do anything.
If you have a fresh installation, you should upload the files which are corrupt or missing.
If you think your website has been compromised, you should take steps to clean the website.
Another function of the diagnostics tool is to advise you if any core file is missing. This has obvious implications, and thus you will get a warning.
In the example below, the htaccess.txt file is missing, because it has been renamed to .htaccess for enabling Search Engine Optimization.
You will need to determine whether these files have been intentionally removed, or whether they are missing due to any of the circumstances mentioned above under corruption of files.
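The changed-file and missing-file checks described above can be sketched as follows. This is an added example, not the Joomla Tools Suite's own code: the listing format (`<sha256>  <relative path>` per line) and all function names are assumptions, and the sample tree is constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    """SHA-256 of a file's contents."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def build_manifest(root: Path) -> str:
    """Listing text for a known-good tree, one '<digest>  <relative path>' per line (assumed format)."""
    return "\n".join(
        f"{file_digest(p)}  {p.relative_to(root).as_posix()}"
        for p in sorted(root.rglob("*")) if p.is_file()
    )


def audit(root: Path, manifest: str) -> dict:
    """Compare the tree under root with the listing; return missing and changed paths."""
    report = {"missing": [], "changed": []}
    for line in manifest.splitlines():
        if not line.strip():
            continue
        digest, rel = line.split(None, 1)  # maxsplit=1 keeps paths containing spaces intact
        target = root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif file_digest(target) != digest:
            report["changed"].append(rel)
    return report


def demo() -> dict:
    """Constructed sample: a tiny stand-in tree, one file truncated, one renamed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "includes").mkdir()
        (root / "index.php").write_text("<?php echo 'home'; ?>\n")
        (root / "includes" / "footer.php").write_text("<?php echo 'footer'; ?>\n")
        (root / "htaccess.txt").write_text("RewriteEngine On\n")
        manifest = build_manifest(root)  # taken while the tree is still pristine
        # Simulate an interrupted upload and the SEO rename described above.
        (root / "includes" / "footer.php").write_text("<?php echo 'foo")
        (root / "htaccess.txt").rename(root / ".htaccess")
        return audit(root, manifest)
```

Running the comparison against a downloaded copy of the site, rather than on the server itself, keeps the check independent of code that may have been tampered with.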
Joomla source code has a security feature, which does not allow any files to be accessed, unless through the Joomla application. This is done for security reasons, because if files could be run just by accessing the file name in the browser, a website would be vulnerable to hack attacks.
To do this, Joomla uses the following code:
defined( '_VALID_MOS' ) or die( 'Restricted access' ); - Joomla 1.0.x
defined( '_JEXEC' ) or die( 'Restricted access' ); - Joomla 1.5
This means that if the file is accessed from the browser (not via the Joomla application), the Restricted access warning will be displayed. In fact you can try this yourself. Try accessing the file http://www.yourdomain.com/includes/footer.php directly (a core Joomla source code file), and you will get this error message. This is because only Joomla can use this file, and not the user directly through a browser.
So what can go wrong with this? Some 3rd party component developers, for some reason or other, do not put this line in their code. This means that anyone who knows where the file is on the server can access this file directly, which makes it quite easy to hack. Since most hackers know that there exists a vulnerability in a particular extension, it is quite easy to hack a site because they will know exactly which file to attack and exploit.
Joomla diagnostics checks for this line in each file in your website, and if it finds files which do not contain this line, will give you a warning that the code could make your website vulnerable.
If the warning is for a core Joomla file, you don't have to do anything. If it is for a 3rd party component, the best thing to do is get in touch with the developers and verify that this is ok.
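A sketch of this guard-line check, added here as an illustration and not taken from diagnostics.php: it scans `.php` files for either guard shown above and ignores a guard that has been commented out. Function names and the sample tree are constructed, and the comment stripping is deliberately simple (it is not string-aware).

```python
import re
import tempfile
from pathlib import Path

# Matches: defined( '_VALID_MOS' ) or die(...)  and  defined('_JEXEC') || exit
GUARD = re.compile(
    r"(?i:defined)\s*\(\s*['\"](_VALID_MOS|_JEXEC)['\"]\s*\)\s*(?i:or|\|\|)\s*(?i:die|exit)\b"
)
# Block comments, then // and # line comments (naive: does not understand strings).
COMMENTS = re.compile(r"/\*.*?\*/|(//|#)[^\n]*", re.DOTALL)


def has_guard(php_source: str) -> bool:
    """True if live (non-commented) code contains the direct-access guard."""
    return GUARD.search(COMMENTS.sub("", php_source)) is not None


def unguarded_files(root: Path) -> list:
    """Relative paths of .php files under root that lack the guard."""
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*.php")
        if not has_guard(p.read_text(errors="replace"))
    )


def demo() -> list:
    """Constructed sample tree: guarded, unguarded and commented-out cases."""
    samples = {
        "includes/footer.php": "<?php\ndefined( '_VALID_MOS' ) or die( 'Restricted access' );\n",
        "components/com_a/a.php": "<?php\ndefined('_JEXEC') or die('Restricted access');\n",
        "components/com_b/b.php": "<?php\necho 'hello';\n",
        "components/com_c/c.php": "<?php\n// defined('_JEXEC') or die('Restricted access');\necho 1;\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, body in samples.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
        return unguarded_files(root)
```

A file flagged here is only a candidate for review: it may contain nothing but class or function definitions, which is why the warning still needs to be checked with the component's developer.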
- Register globals setting
- Register globals emulation setting
Both of these settings are critical security settings. If any of the settings are on, your website could be easily hacked. Both should be turned off. The following links advise on how these settings can be turned off.
Register globals - http://www.joomla-addons.org/easyfaq/view/joomla-diagnostics/register-globals/147.html
If you are unable to do this, you should contact your host asap and ask them to assist you to resolve this issue. Also please note that if a host has this setting on, this is not a Joomla friendly host. Joomla friendly hosts should have this setting off by default.
Register globals emulation - this is a setting which some old components require to be on. However, since this makes your site vulnerable, you should strictly avoid any component which requires this setting to be switched on. Fortunately, this setting is quite easy to turn off. For older Joomla versions you need to edit your globals.php (in the root directory of your installation).
Open globals.php located in the root of your Joomla installation. Search for:
define( 'RG_EMULATION', 1 );
and change it to:
define( 'RG_EMULATION', 0 );
For newer versions, this setting can be switched on and off in the Site Configuration settings (Site > Global Configuration > Server tab) and there is a dropdown box which allows you to switch off this setting.
Part 3 of the series will deal with Permissions Auditing using the Joomla Tools Suite