A few days ago, a critical vulnerability was found in the Joomla! core. It stems from unsanitized input, which makes SQL injection possible. Such an attack can lead to a totally compromised website: stolen login details, hijacked website access, malicious file uploads, etc. It's a serious threat, without a doubt, and one that applies to all Joomla! 3.2 versions and above.
Server-level protection with custom WAF rules
As always when facing a vulnerability, we took immediate action in-house. We wrote custom rules inside our Web Application Firewall (WAF) to prevent potential exploits against our Joomla! sites at the server level. We have shared our firewall rules with the Joomla! Security Team, in case they could be of help to other hosts or developers who want to protect their websites.
Autoupdate our Joomla! sites to the new and secure version 3.4.5
No matter how many server-level fences we put up, it's always best to have the vulnerability patched and all holes closed. That is why, today, after Joomla! released the official patch for the vulnerability with version 3.4.5, we will update all Joomla! installations that have Auto Updates enabled to the new and secure version.
If you have disabled the Joomla! autoupdate feature from your SiteGround cPanel, please make sure you update your Joomla! installation yourself as soon as possible.