SQL Injection in Joomla – Is It Still a Concern?

The last time we had a case of SQL injection on a Joomla website was a long time ago – and the affected Joomla website was a Joomla 1.5.10 website (which is highly exploitable – even by Joomla 1.5.26 standards). Since then (we are now in October of 2016), we have not seen a single case of SQL injection on a Joomla website.

Does that mean that Joomla is more secure now?

Well, Joomla is much more secure now than at any time in the past, but that is not the only cause of the significant drop in SQL injection attacks on Joomla websites. In fact, there are other, more important, causes for this drop:

  • Security tools on servers becoming mainstream: A few years ago, ModSecurity was installed on a very small percentage of servers. Nowadays, most hosting servers come with ModSecurity installed and enabled by default (hence the increase in quirks on Joomla websites caused by ModSecurity false positives). ModSecurity is good at blocking the request patterns that typical SQL injection attempts rely on. Keep in mind what that does and does not do: it filters known patterns in front of the application, it does not fix the query behind them, and a determined attacker can often rewrite a payload to slip past a signature. It raises the bar; the real fix is still in the extension's code.
  • A more rigid process for accepting Joomla extensions: Joomla extensions were notorious for being insecure. But, as of a couple of years ago (when the JED was revamped), the once lax process of accepting and testing Joomla extensions evolved into a more serious and rigid process, quickly rejecting extensions that do not meet the Joomla security standards. Additionally, the practice of immediately suspending vulnerable extensions (and publishing them on the VEL, the Joomla Vulnerable Extensions List) has forced developers to make sure that every user-supplied value is filtered, and that anything reaching a query is cast to the expected type or quoted through the database API rather than concatenated into the SQL string.
  • A lack of attackers' interest in SQL injection: Attackers follow the trends, and SQL injection is no longer the trend. The current trend is to upload a few files, then overwrite some core files, and ultimately take control of the website, using it to attack other websites and/or to serve malware to its visitors. Attackers are simply no longer bothering to alter the database directly (for reasons we can only guess at), even though they could: an attacker who manages to upload one file, just one file, to a website can potentially read the main configuration file (Joomla's configuration.php stores the database host, user name and password in plain text) and from there gain easy access to the database.
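To make the first two points concrete, here is an added example (ours, not code from the original post or from the Joomla project), written in Python with an in-memory SQLite database as a stand-in for a PHP extension talking to MySQL. The table names, rows, request value and the two regular-expression "signatures" are all constructed for the demonstration; the Joomla idioms mentioned in the comments ((int) casts and $db->quote()) are the real hardened form in a Joomla extension, but the code below does not call them. It shows the unfiltered-concatenation flaw the VEL was full of, the same query with the value typed and bound, and why a signature filter in front of the flaw is not a substitute for fixing it.

```python
"""Constructed stand-in for the extension flaw described in the post.

Python + sqlite3 in place of PHP + MySQL so it runs offline; this is not
Joomla code. Table names, rows and the request parameter are made up.
"""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with constructed sample data."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE ext_items (id INTEGER, title TEXT, published INTEGER)")
    con.executemany(
        "INSERT INTO ext_items VALUES (?, ?, ?)",
        [(1, "Public article", 1), (2, "Draft article", 0), (3, "Hidden notes", 0)],
    )
    # Stands in for the credentials table an injection would really be aimed at.
    con.execute("CREATE TABLE ext_users (username TEXT, password TEXT)")
    con.execute("INSERT INTO ext_users VALUES ('admin', 'constructed-hash')")
    return con


def lookup_vulnerable(con: sqlite3.Connection, item_id: str) -> list:
    """The VEL pattern: a request value dropped straight into the SQL string."""
    sql = "SELECT title FROM ext_items WHERE published = 1 AND id = " + item_id
    return [row[0] for row in con.execute(sql)]


def lookup_hardened(con: sqlite3.Connection, item_id: str) -> list:
    """Same query with the value typed and bound. In a Joomla extension the
    equivalent is an (int) cast, or $db->quote() for strings: the value
    becomes data, never SQL."""
    try:
        n = int(item_id)
    except ValueError:
        return []  # reject the request rather than try to repair it
    sql = "SELECT title FROM ext_items WHERE published = 1 AND id = ?"
    return [row[0] for row in con.execute(sql, (n,))]


# Two toy signatures in the spirit of a WAF rule. Real rule sets (ModSecurity
# CRS) normalise input far more aggressively than this, but the principle
# holds: a pattern filter in front of a vulnerable query reduces exposure,
# it does not remove the vulnerability.
SQLI_SIGNATURES = [
    re.compile(r"\bor\s+\d+\s*=\s*\d+", re.I),  # ... OR 1=1
    re.compile(r"\bunion\s+select\b", re.I),    # ... UNION SELECT
]


def waf_blocks(value: str) -> bool:
    """True if the request value matches one of the toy signatures."""
    return any(sig.search(value) for sig in SQLI_SIGNATURES)


def run_query(item_id: str, hardened: bool = False) -> list:
    """Run one request against a fresh database; sorted for a stable order."""
    con = make_db()
    fn = lookup_hardened if hardened else lookup_vulnerable
    return sorted(fn(con, item_id))


if __name__ == "__main__":
    payloads = [
        "1",                                                          # legitimate request
        "1 OR 1=1",                                                   # textbook: reads unpublished rows
        "0 UNION SELECT username || ':' || password FROM ext_users",  # reads another table
        "1/**/OR/**/1=1",                                             # payload 2 with comments for spaces
    ]
    for p in payloads:
        print(repr(p))
        print("  signature filter blocks:", waf_blocks(p))
        print("  vulnerable query returns:", run_query(p))
        print("  hardened query returns:  ", run_query(p, hardened=True))
```

Run it and the textbook payloads are caught by the toy filter, while the same `OR 1=1` written with SQL comments in place of spaces passes the filter and still dumps every row from the vulnerable query. The hardened query rejects all three payloads and still serves the legitimate request. Production rule sets normalise input far better than two regular expressions, but the lesson carries over: the filter buys time, the cast or bind removes the bug.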

We think that the last point is the most important of the lot: it is this puzzling absence of interest in modifying the database that has contributed most to the huge drop in SQL injection attacks. One would think that the attackers have a syndicate that decides which types of attack are and are not allowed, and that some time ago the syndicate decided SQL injection attacks are no longer permitted.

Whatever the real reason behind this is, we hope that SQL injection attacks remain very rare on Joomla websites, because a compromised database is the worst kind of hack any website can suffer: restoring the files does not undo altered records or take back stolen credentials.

So, to answer the question in the title: is SQL injection in Joomla still a concern? Yes, it is. Vulnerable websites (and the vulnerable extensions on them) can still be injected just as easily as before; the attackers have simply elected to stop doing it, and it may be only a matter of time before they revert to their old habit.

Now if you, our dear reader, are one of those unfortunate Joomla administrators whose website has suffered this worst type of hack, then fear not: all you need to do is contact us. We'll clean up your website and secure it for you quickly, efficiently and affordably!
