Brute Force. Get it? Probably not... but 10pts if you do!
Why should this concern you, though? How would anyone even be able to tell that your web site runs on Joomla? To be honest, it wouldn't be much of a challenge for a hacker to determine that. One of the easier ways is to view the page source. Unless explicitly turned off, a typical Joomla site will show the following in the source:
<meta name="generator" content="Joomla! 1.5 - Open Source Content Management">
Why should this matter to you? Well, if a hacker is able to reach your backend administration login, then what is stopping them from running a brute force attack to gain access to your website?
The good news is that there is an easy solution to this vulnerability. The jSecure Authentication module allows administrators to set up a unique access key that is required in order to gain access. Once implemented, access to the administration area can only be gained by appending a unique key after www.sitename.com/administrator.
- Option to be emailed each time someone tries to access your admin page
- Option to block IPs from accessing your administration area
- Option to add a second login form to further protect your admin page
- Added Master Password to access the jSecure Authentication
- Added E-mail option to send the change log in jSecure Authentication
- Ability to create whitelisted IPs and blocked IPs
- Added log feature (the system will log who accesses jSecure)
- Fixed JSecureConfig::$iplistB and JSecureConfig::$iplistW bug for Joomla 1.5.X, Joomla 1.6.X & Joomla 1.7.0
- Fixed issues with mail headers for Joomla 2.5
- Added text input field instead of text area in the form option of Basic Parameters for Joomla 1.5.X, Joomla 1.6.X & Joomla 1.7.0
- Improved backend presentation
- Improved support on our forum
Installation is the same as for any other Joomla module:
- Log in to the administration area
- Go to Installer -> Module -> select the mod_jsecure_authentication.zip file
- Click on Install & upload
To configure the module:
- Log in to the administration area
- Go to Modules -> Administrator Modules
- Click on jSecure Authentication link
- Enable the module and set the optional parameters specified below
- Save the module
The default key to access the login page is "jSecure", which is cASe SensITivE.
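A defender-side check for the brute-force concern above, as an added example that is not part of the original article or of jSecure's own code: it counts requests under /administrator from IPs that never presented the exact access key and lists the ones worth reviewing for the blocked-IP list. The combined log format, the `/administrator/?<key>` form of the key, the placeholder key and the threshold are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumptions (not from the original page): "combined"-format access logs, and
# the key appended as a bare query string, i.e. /administrator/?<key>.
ACCESS_KEY = "EXAMPLE-KEY"  # placeholder; substitute the key you configured
THRESHOLD = 3               # keyless admin requests per IP before flagging
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) ')

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2012:10:00:01 +0000] "GET /administrator/ HTTP/1.1" 302 0
203.0.113.7 - - [10/Mar/2012:10:00:02 +0000] "POST /administrator/index.php HTTP/1.1" 302 0
203.0.113.7 - - [10/Mar/2012:10:00:03 +0000] "POST /administrator/index.php HTTP/1.1" 302 0
203.0.113.7 - - [10/Mar/2012:10:00:04 +0000] "GET /administrator/?example-key HTTP/1.1" 302 0
198.51.100.20 - - [10/Mar/2012:10:05:00 +0000] "GET /administrator/?EXAMPLE-KEY HTTP/1.1" 200 5120
198.51.100.20 - - [10/Mar/2012:10:05:09 +0000] "POST /administrator/index.php HTTP/1.1" 303 0
198.51.100.20 - - [10/Mar/2012:10:05:10 +0000] "GET /administrator/index.php?option=com_content HTTP/1.1" 200 9000
192.0.2.55 - - [10/Mar/2012:11:00:00 +0000] "GET /administrator HTTP/1.1" 302 0
192.0.2.55 - - [10/Mar/2012:11:00:05 +0000] "GET /index.php HTTP/1.1" 200 7000
"""

def admin_requests(log_text):
    """Yield (ip, query) for every request under /administrator."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group(2))
        path = parts.path.lower().rstrip("/")
        if path == "/administrator" or path.startswith("/administrator/"):
            yield m.group(1), parts.query

def keyless_admin_hits(log_text, key=ACCESS_KEY):
    """Count admin requests per IP, skipping IPs that ever sent the exact key."""
    requests = list(admin_requests(log_text))
    # The key is case-sensitive, so only an exact match marks a trusted IP.
    trusted = {ip for ip, query in requests if query == key}
    return Counter(ip for ip, _ in requests if ip not in trusted)

def block_candidates(log_text, threshold=THRESHOLD, key=ACCESS_KEY):
    """IPs with at least `threshold` keyless admin requests, sorted."""
    hits = keyless_admin_hits(log_text, key)
    return sorted(ip for ip, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    for ip in block_candidates(SAMPLE_LOG):
        print("review for the blocked-IP list:", ip)
```

IPs that presented the key are skipped entirely because a logged-in administrator's later requests no longer carry it in the URL.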
How to Use :
Also published at Squidoo.