As you can read in the post-installation message that is new as of Joomla 3.9.3, "Since Joomla 3.9.3, Joomla is shipped with additional security hardenings in the default htaccess.txt and web.config.txt files. These hardenings disable the so-called MIME-type sniffing feature in web browsers. The sniffing leads to specific attack vectors, where scripts in normally harmless file formats (i.e. images) will be executed, leading to Cross-Site-Scripting vulnerabilities.
The security team recommends to manually apply the necessary changes to existing .htaccess or web.config files, as those files cannot be updated automatically." How to manually apply these necessary changes to prevent browsers from sniffing your Joomla site is what today's Maintenance Monday is all about.
- Video tutorial: Disabling the MIME-type Sniffing Feature of Web Browsers
- Presented by: Tim Davis
- Platform: Maintenance Monday Livestream #079 on YouTube
- Tutorial focused on Joomla site security
- Explains how to stop browsers from MIME-type sniffing, which can let scripts embedded in images execute as cross-site scripting
- Tim Davis demonstrates the process on-screen
- Reminder to visit "basicjoomla.com/giveaways" for a contest
- Discussion about Joomla 3.9.3 update recommendation
- Introduces code addition to .htaccess and web.config.txt files
- Demonstrates how to locate and edit these files using cPanel's file manager
- Caution advised when editing .htaccess files due to potential server errors
- Code examples and explanation provided for adding to .htaccess and web.config files
- Explains how to add comments to .htaccess file
- Tips for managing files based on hosting setup (Windows vs. non-Windows servers)
- Concludes by discussing chat interaction, encouraging changes for Joomla sites older than 3.9.3
- Thanks viewers for support and introduces option to join a Zoom call for more discussion
- Mention of checking Twitter for shared links and information about Joomla security
- Links to resources on Joomla.com for further understanding of MIME sniffing and security measures
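
The manual .htaccess change described above can be scripted so that it is safe to repeat and always leaves a backup. This is an added example, not the code shown in the video; it assumes Apache with mod_headers, and the function names `has_nosniff` and `add_nosniff` are made up for illustration.

```shell
#!/bin/sh
# Added example: idempotently add the X-Content-Type-Options header to an
# existing Apache .htaccess file, keeping a backup copy first.

# Succeeds if an active (non-comment) line already sets the nosniff header.
has_nosniff() {
    grep -Eiq '^[[:space:]]*Header[[:space:]].*X-Content-Type-Options[[:space:]]+"?nosniff"?' "$1"
}

# Appends the directive unless it is already present.
# Prints "added", "unchanged" or "missing" so callers can log the result.
add_nosniff() {
    file=$1
    if [ ! -f "$file" ]; then
        echo "missing"
        return 1
    fi
    if has_nosniff "$file"; then
        echo "unchanged"
        return 0
    fi
    # Keep the original so a server error can be undone by restoring it.
    cp -p "$file" "$file.bak" || return 1
    # The IfModule guard keeps Apache from failing with a 500 error
    # when mod_headers is not loaded on the host.
    cat >> "$file" <<'EOF'

# Disable MIME-type sniffing in web browsers
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options "nosniff"
</IfModule>
EOF
    echo "added"
}

# When run with a path argument, patch that file,
# e.g. sh add-nosniff.sh /path/to/site/.htaccess (path is a placeholder).
[ "$#" -eq 0 ] || add_nosniff "$1"
```

After applying it, confirm the header is actually sent by inspecting the site's response headers in the browser developer tools or with `curl -sI` against the site URL. If the site starts returning errors, restore the `.htaccess.bak` copy.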