Sicherheit

Message

Failed loading XML... Opening and ending tag mismatch: meta line 1 and head Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: a line 1 and div AttValue: " or ' expected attributes construct error Couldn't find end of Start Tag input line 1 Opening and ending tag mismatch: input line 1 and li Opening and ending tag mismatch: input line 1 and li Opening and ending tag mismatch: input line 1 and li Opening and ending tag mismatch: input line 1 and li Opening and ending tag mismatch: li line 1 and ul Opening and ending tag mismatch: li line 1 and div Opening and ending tag mismatch: li line 1 and form Opening and ending tag mismatch: li line 1 and div Opening and ending tag mismatch: ul line 1 and div Opening and ending tag mismatch: form line 1 and div Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: br line 1 and div AttValue: " or ' expected attributes construct error Couldn't find end of Start Tag input line 1 Opening and ending tag mismatch: input line 1 and li Opening and ending tag mismatch: input line 1 and li Opening and ending tag mismatch: input line 1 and li Opening and ending tag mismatch: input line 1 and li Opening and ending tag mismatch: li line 1 and ul Opening and ending tag mismatch: li line 1 and div Opening and ending tag mismatch: li line 1 and form Opening and ending tag mismatch: li line 1 and div Opening and ending tag mismatch: ul line 1 and div Opening and ending tag mismatch: form line 1 and div Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: br line 1 and td Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: br line 1 and td Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: br line 1 and td Opening and ending tag mismatch: br line 1 and tr Opening and ending tag mismatch: a line 1 and table Opening and ending tag mismatch: br line 1 and div Opening and ending tag mismatch: br line 1 and div Opening and ending tag mismatch: a line 1 and div Opening and ending tag mismatch: br line 1 and div Opening and ending tag mismatch: td line 1 and div Opening and ending tag mismatch: br line 1 and center Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: center line 1 and td Opening and ending tag mismatch: br line 1 and center Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: center line 1 and td Opening and ending tag mismatch: br line 1 and center Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: center line 1 and td Opening and ending tag mismatch: br line 1 and center Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: center line 1 and td Opening and ending tag mismatch: a line 1 and tr Opening and ending tag mismatch: br line 1 and center Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: center line 1 and td Opening and ending tag mismatch: a line 1 and tr Opening and ending tag mismatch: br line 1 and center Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: center line 1 and td Opening and ending tag mismatch: br line 1 and center Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: center line 1 and td Opening and ending tag mismatch: br line 1 and center Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: center line 1 and td Opening and ending tag mismatch: a line 1 and tr Opening and ending tag mismatch: br line 1 and center Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: center line 1 and td Opening and ending tag mismatch: br line 1 and center Opening and ending tag mismatch: img line 1 and a Opening and ending tag mismatch: center line 1 and td Opening and ending tag mismatch: a line 1 and tr Opening and ending tag mismatch: td line 1 and table Opening and ending tag mismatch: a line 1 and div Opening and ending tag mismatch: td line 1 and div Opening and ending tag mismatch: tr line 1 and div Opening and ending tag mismatch: td line 1 and div AttValue: " or ' expected attributes construct error Couldn't find end of Start Tag div line 1 Opening and ending tag mismatch: br line 1 and div Specification mandate value for attribute wrap Specification mandate value for attribute wrap attributes construct error Couldn't find end of Start Tag pre line 1 attributes construct error Couldn't find end of Start Tag span line 1 Opening and ending tag mismatch: br line 1 and span attributes construct error Couldn't find end of Start Tag span line 1 Opening and ending tag mismatch: br line 1 and span attributes construct error Couldn't find end of Start Tag span line 1 Opening and ending tag mismatch: br line 1 and span attributes construct error Couldn't find end of Start Tag span line 1 Opening and ending tag mismatch: br line 1 and span attributes construct error Couldn't find end of Start Tag span line 1 Opening and ending tag mismatch: br line 1 and span attributes construct error Couldn't find end of Start Tag span line 1 Opening and ending tag mismatch: br line 1 and span attributes construct error Couldn't find end of Start Tag span line 1 Opening and ending tag mismatch: br line 1 and span attributes construct error Couldn't find end of Start Tag span line 1 Opening and ending tag mismatch: br line 1 and span attributes construct error Couldn't find end of Start Tag span line 1 Opening and ending tag mismatch: br line 1 and span attributes construct error Couldn't find end of Start Tag span line 1 Opening and ending tag mismatch: br line 1 and span attributes construct error Couldn't find end of Start Tag span line 1 Opening and ending tag mismatch: br line 1 and span attributes construct error Couldn't find end of Start Tag span line 1 Opening and ending tag mismatch: br line 1 and span Opening and ending tag mismatch: br line 1 and p Opening and ending tag mismatch: br line 1 and pre Opening and ending tag mismatch: br line 1 and blockquote Opening and ending tag mismatch: br line 1 and div Opening and ending tag mismatch: br line 1 and div Opening and ending tag mismatch: input line 1 and form Opening and ending tag mismatch: input line 1 and div Opening and ending tag mismatch: input line 1 and div Opening and ending tag mismatch: form line 1 and section Entity 'nbsp' not defined Entity 'nbsp' not defined Entity 'copy' not defined Opening and ending tag mismatch: div line 1 and body Opening and ending tag mismatch: br line 1 and html Premature end of data in tag br line 1 Premature end of data in tag br line 1 Premature end of data in tag br line 1 Premature end of data in tag br line 1 Premature end of data in tag br line 1 Premature end of data in tag br line 1 Premature end of data in tag br line 1 Premature end of data in tag br line 1 Premature end of data in tag br line 1 Premature end of data in tag br line 1 Premature end of data in tag blockquote line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag section line 1 Premature end of data in tag a line 1 Premature end of data in tag td line 1 Premature end of data in tag a line 1 Premature end of data in tag td line 1 Premature end of data in tag tr line 1 Premature end of data in tag td line 1 Premature end of data in tag tr line 1 Premature end of data in tag td line 1 Premature end of data in tag a line 1 Premature end of data in tag td line 1 Premature end of data in tag a line 1 Premature end of data in tag td line 1 Premature end of data in tag a line 1 Premature end of data in tag td line 1 Premature end of data in tag tr line 1 Premature end of data in tag table line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag br line 1 Premature end of data in tag a line 1 Premature end of data in tag br line 1 Premature end of data in tag br line 1 Premature end of data in tag a line 1 Premature end of data in tag br line 1 Premature end of data in tag br line 1 Premature end of data in tag a line 1 Premature end of data in tag br line 1 Premature end of data in tag td line 1 Premature end of data in tag br line 1 Premature end of data in tag a line 1 Premature end of data in tag br line 1 Premature end of data in tag br line 1 Premature end of data in tag a line 1 Premature end of data in tag br line 1 Premature end of data in tag br line 1 Premature end of data in tag a line 1 Premature end of data in tag br line 1 Premature end of data in tag br line 1 Premature end of data in tag a line 1 Premature end of data in tag br line 1 Premature end of data in tag br line 1 Premature end of data in tag a line 1 Premature end of data in tag br line 1 Premature end of data in tag td line 1 Premature end of data in tag tr line 1 Premature end of data in tag table line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag a line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag div line 1 Premature end of data in tag body line 1 Premature end of data in tag meta line 1 Premature end of data in tag meta line 1 Premature end of data in tag meta line 1 Premature end of data in tag link line 1 Premature end of data in tag head line 1 Premature end of data in tag html line 1

Aufgrund der Popularität und bekannter Sicherheitsprobleme werden Joomla-Installationen immer wieder zur Zielscheibe von Angriffen, insbesondere in Form sogenannter Defacements. Laut einer IBM-Studie aus dem Jahr 2008 ist die Zahl der Sicherheitslücken bei Webapplikationen allerdings generell drastisch angestiegen, so dass prinzipiell alle Systeme von diesem Problem betroffen sind. Insbesondere WordPress ist in dieser Hinsicht mindestens genauso gefährdet.

Im Entwicklerteam von Joomla gibt es eine spezielle Abteilung, welche sich nur um das Auffinden von Fehlern kümmert und den Namen „Bug Squad“ trägt. Vor allem die zahlreichen Drittkomponenten verursachen ein erhöhtes Sicherheitsrisiko, was von Hackern ausgenutzt wird. Einige dieser Erweiterungen benötigen sehr weitgehende Rechte auf dem Server, welche zudem meist nicht explizit aufgeführt werden. Programmierbedingte Sicherheitsmängel sind dagegen selten und werden zudem in aller Regel recht schnell beseitigt. Anwender können in der jeweiligen Online-Community Hilfe finden, um ihr System auf dem neuesten Stand zu halten. Viele – vor allem private – Benutzer vernachlässigen jedoch die Pflege einer Webseite und sind sich der resultierenden Probleme nicht bewusst.

Fluff Files

Bereits mit den 'Bordmitteln' kann man es potenziellen Angreifern etwas erschweren. Bei der Installation werden einige unbenötigte, aber sehr verräterische, sogenannte 'Fluff Files' mit installiert, die sofort auf dem Server gelöscht werden sollten:

/robots.txt.dist
/web.config.txt
/joomla.xml
/LICENSE.txt
/README.txt
/htaccess.txt
/LICENSES.php
/configuration.php-dist
/CHANGELOG.php
/COPYRIGHT.php
/CREDITS.php

Wenn ein Angreifer weiß um welches System (CMS) es sich handelt, kann er systematisch nach bekannten Schwachstellen suchen - ist dies nicht bekannt hat er es wesentlich schwerer und die Wahrscheinlichkeit, vorher bemerkt zu werden, steigt.

Generator Meta-Tag

Wie in vielen Webseiten, gibt es auch in Joomla! einen Meta-Tag (Generator), der dafür genutzt wird um Statistiken zu erheben, auf welchem CMS die Webseiten im Netz basieren. Aus Sicherheitsggründen sollte diese Ausgabe unterbunden werden. Einige Templates bringen diese Funktion bereits von Haus aus mit - die Funktion muss also nur noch in den Einstellungen des Templates eingeschaltet werden.

Verantwortlich für diesen Meta-Tag ist ein Eintrag in der Datei

/libraries/joomla/document/renderer/html/head.php

Unter Joomla 3.6.5 befindet sich in Zeile 105 der Eintrag

$generator = $document->getGenerator();

Diesen auskommentieren

// $generator = $document->getGenerator();

und der Meta-Tag ist verschwunden.

Das Verändern der Joomla Core-Dateien ist allerdings grundsätzlich nicht zu empfehlen!

Obiger Hinweis soll lediglich aufzeigen, wo sich bestimmte Einträge verstecken. Bei jedem Update von Joomla werden natürlich u.U. die geänderten Dateien wieder mit Originalen überschrieben.

Eleganter ist die Verwendung kostenloser Plugins wie z.B.

Diesen Zweck erfüllt allerdings u.a. auch eine Web-Application-Firewall (WAF) wie z.B. RS Firewall.

Last modified on Thursday, 09 March 2017 10:31

Rate this item

(0 votes)