The Joomla Training Cohort has been launched!

Please send any feedback or bug reports to [email protected] (opens new link)  

As you can read in the post installation message that is new as of Joomla 3.9.3, "Since Joomla 3.9.3, Joomla is shipped with additional security hardenings in the default htaccess.txt and web.config.txt files. These hardenings disable the so called MIME-type sniffing feature in webbrowsers. The sniffing leads to specific attack vectors, where scripts in normally harmless file formats (i.e. images) will be executed, leading to Cross-Site-Scripting vulnerabilities.

The security teams recommends to manually apply the necessary changes to existing .htaccess or web.config files, as those files can not be updated automatically." How to manually apply these necessary changes to prevent browsers from sniffing your Joomla site is what today's Maintenance Monday is all about.

 

 - Video tutorial: Disabling the MIME-type Sniffing Feature of Web Browsers
- Presented by: Tim Davis
- Platform: Maintenance Monday Livestream #079 on YouTube
- Tutorial focused on Joomla site security
- Explains how to prevent browsers from sniffing for cross-script exploitation in images
- Tim Davis demonstrates the process on-screen
- Reminder to visit "basicjoomla.com/giveaways" for a contest
- Discussion about Joomla 3.9.3 update recommendation
- Introduces code addition to .htaccess and web.config.txt files
- Demonstrates how to locate and edit these files using cPanel's file manager
- Caution advised when editing .htaccess files due to potential server errors
- Code examples and explanation provided for adding to .htaccess and web.config files
- Explains how to add comments to .htaccess file
- Tips for managing files based on hosting setup (Windows vs. non-Windows servers)
- Concludes by discussing chat interaction, encouraging changes for Joomla sites older than 3.9.3
- Thanks viewers for support and introduces option to join a Zoom call for more discussion
- Mention of checking Twitter for shared links and information about Joomla security
- Links to resources on Joomla.com for further understanding of MIME sniffing and security measures

Monday Maintenance 079

SUBSCRIBE TODAY! â–º https://goo.gl/N6y5bH

😴👌Watch Me Work live streams â–º    â€¢ Find and Replace ...  

Here are some of the links mentioned in this Live Stream - and some others:

Contact Tim Davis â–º This email address is being protected from spambots. You need JavaScript enabled to view it.

Joomla Training Cohort â–º https://cybersalt.com/jtc

mySites.guru â–º https://mysites.guru

MigrateMe 4 â–º https://www.php-web-design.com/Joomla...

Stageit for Joomla â–º    â€¢ First Look at Sta...  

Backing Up Your Joomla Site with Akeeba â–º    â€¢ How to Backup a J...  

Better Frontend Link â–º https://regularlabs.com/betterfronten...

FOLLOW US ON TWITTER! â–º @basicjoomla

Like Us On FaceBook! â–º https://www.facebook.com/basicjoomla


Interesting blog? Like it on Facebook, Post it or share this article on other bookmarking websites.

Written by:
Tim Davis is the founder and owner of Cybersalt.
Log in to comment

Add comment

Submit