Tips to Check a website whether they are running Joomla CMS
Please be advised that the following article is an exact replica of How to Tell if a Website Is Running Joomla - O'Reilly Answers. It's more like a note for myself.
Have you had a sneaking suspicion that a site may be running Joomla, but you're not quite sure of it? In this excerpt from Severdia & Crowder's Using Joomla you'll learn some of the methods of determining if the site in question is indeed running Joomla.
There are several things you can do to see if a website is running Joomla. Unfortunately, some people will try to obscure certain things to make some of the methods mentioned not work, so we’ll share some of those tricks as well.
The easiest method is to view the website’s source code.
If you see the following line, you can be sure that you are looking at a
Joomla website:
It’s too easy, right? Just like you type
/administrator at the end of your domain name URL
in order to access the Administrator Backend, so do all other Joomla
users.
If you see a Joomla Administrator login screen, you can confirm it’s a Joomla website.
We just discussed this feature in detail in the section called “View All of the Module Positions” in Chapter 9, Modules. Go to
http://www..com/index.php?tp=1.
If you see module positions overlayed on the screen, the site is a Joomla website.
By adding the
Navigate to one of the following URLs:
Joomla uses XML files to install components, manage
parameter types, and more. If we are able to pull up a core XML file, it
can be assumed that the website we are viewing uses Joomla.
Go to http://www..com/administrator/components/com_content/content.xml.
Since all Joomla websites have a
Navigate to http://www..com/robots.txt.
If you see they do have a
Since all Joomla websites come with a
Have you had a sneaking suspicion that a site may be running Joomla, but you're not quite sure of it? In this excerpt from Severdia & Crowder's Using Joomla you'll learn some of the methods of determining if the site in question is indeed running Joomla.
There are several things you can do to see if a website is running Joomla. Unfortunately, some people will try to obscure certain things to make some of the methods mentioned not work, so we’ll share some of those tricks as well.
generator meta tag
<meta name="generator" content="Joomla! 1.5 - Open Source Content Management" />
Note
To prevent your website from showing the contents of the generator meta tag, add the following to your template’sindex.php
file on the line after the check to see
if _JEXEC
is defined:$this->setGenerator();
This will not completely remove the generator meta tag, but it
will remove Joomla! 1.5-Open Source Content
Management from displaying. We cannot completely remove the
tag without a hack since the shell of this meta tag is hardcoded in
the framework./administrator
If you see a Joomla Administrator login screen, you can confirm it’s a Joomla website.
Note
Unfortunately, there is no easy way to change the administrator directory. You can password protect the administrator folder, but if someone types /administrator and gets a password-protected folder, they will be able to conclude that you are likely running a Joomla website.tp=1
If you see module positions overlayed on the screen, the site is a Joomla website.
Note
For directions on preventing this check from working on your site, please refer to Chapter 20, Security.Check for Default Joomla Template
template=
parameter to
the end of a Joomla URL, you can change the template for that page. If
it works, the person is using a Joomla website.Navigate to one of the following URLs:
- http://www..com/index.php?template=rhuk_milkyway
- http://www..com/index.php?template=beez
- http://www..com/index.php?template=ja_purity
Note
For directions on preventing this check from working on your site, please refer to Chapter 20, Security.View a Core XML File
Go to http://www..com/administrator/components/com_content/content.xml.
Note
For directions on preventing this check from working on your site, please refer to Chapter 20, Security.View the robots.txt File
robots.txt
file, this is an easy one to
test.Navigate to http://www..com/robots.txt.
If you see they do have a
robots.txt
file,
compare it with the text below. If it matches, you are looking at a
Joomla website:1 User-agent: *
2 Disallow: /administrator/
3 Disallow: /cache/
4 Disallow: /components/
5 Disallow: /images/
6 Disallow: /includes/
7 Disallow: /installation/
8 Disallow: /language/
9 Disallow: /libraries/
10 Disallow: /media/
11 Disallow: /modules/
12 Disallow: /plugins/
13 Disallow: /templates/
14 Disallow: /tmp/
15 Disallow: /xmlrpc/
Note
To disable this on your website, delete yourrobots.txt
file. Even though this sounds
like an easy thing to do, we don’t recommend it. We think the benefits
of having a robots.txt file outweigh the downsides of not having one.
More information on robots.txt
can be found in the section called “Blocking Search Engines”.View Their configuration.php-dist File
configuration.php-dist
file, this is another
easy one to test. Navigate to
http://www..com/configuration.php-dist.Note
To disable this on your website, delete yourconfiguration.php-dist
file. After installation,
this file is no longer needed, so there’s no harm in deleting
it.
No comments:
Post a Comment