responsive_joomla_728x90
jSecure Authentication and You
MD TECH TEAM

jSecure Authentication and You

Brute Force. Get it? Probably not... but 10pts if you do!

Why should this concern you though? How would anyone be able to even tell that you are using Joomla for your web site source? To be honest, it wouldn't be much of a challenge for a hacker to determine if your site is running Joomla. One of the easier ways is to view the content source of the page. Unless explicitly turned off, a typical Joomla site will show the following in the source:

<meta name="generator" content="Joomla! 1.5 - Open Source Content Management">

Why should this matter to you? Well if a hacker is able to access your backend administration menu, then what is stopping them from running a brute force attack to gain access to your website?

The good news is there is an easy solution to fix this vulnerability. The jSecure Authentication module allows administrators to setup a unique access key that is required in order to gain access. Once implemented, access to the administration area can only be gained by appending a unique key after www.sitename.com/administrator.

 

Download jSecurejSecure Authentication can be downloaded here. Now it was previously a free module, but it has since been changed to commercial. With native support for all current versions of Joomla, jSecure Authentication is well worth the $9.99 purchase price. The latest version of the program includes many new features such as:
  • Option to be emailed each time someone tries to access your admin page
  • Option to block IP’s from accessing your administration area
  • Option to use add a second login form to further protect you admin page
  • Added Master Password to access the jSecure Authentication
  • Added E-mail option to send the change log in jSecure Authentication
  • Ability to create White Listed IP's and Blocked IP's
  • Added log feature (the System will log who access jSecure)
  • Fixed JSecureConfig::$iplistB and JSecureConfig::$iplistW bug for Joomla 1.5.X, Joomla 1.6.X & Joomla 1.7.0
  • Fixed issues with mail headers for Joomla 2.5
  • Added text input feild instead of text area in the form option of Basic Parameters for Joomla 1.5.X, Joomla 1.6.X & Joomla 1.7.0
  • Improved backend presentation
  • Improved support on our forum

Installation for the module is typical to any other Joomla module:

  • Login to administration area
  • Go to Installer -> Module -> select the mod_jsecure_authentication.zip file
  • Click on Install & upload

To configure the module:

  • Login to Administration area
  • Go To Modules->Administrator Modules
  • Click on jSecure Authentication link
  • Enable the module and set the optional parameters specified below
  • Save the module

The default key to access login page is "jSecure", which is cASe SensITivE.

How to Use :

www.site name/administrator/?jSecure

Also published at Squidoo.

Last modified on Friday, 21 March 2014 06:28
(0 votes)
4988
MD TECH TEAM

The MD TECH TEAM was founded in 2007 by now husband and wife team Manny and Diana Rivera.  The company set out with one goal in mind: to help create, maintain, and train clients on building an online presence to help increase their business revenue. In 2010 the MD TECH TEAM brought on good friend, Jon Burritt as CIO for the company.  Jon show tremendous amount of skill in both Joomla and other server based platforms.

bg Image