Jump to content

How to Tell if a Website Is Running Joomla

+ 1
  adfm's Photo
Posted Mar 26 2010 12:57 PM

Have you had a sneaking suspicion that a site may be running Joomla, but you're not quite sure of it? In this excerpt from Severdia & Crowder's Using Joomla you'll learn some of the methods of determining if the site in question is indeed running Joomla.


There are several things you can do to see if a website is running Joomla. Unfortunately, some people will try to obscure certain things to make some of the methods mentioned not work, so we’ll share some of those tricks as well.

generator meta tag

The easiest method is to view the website’s source code. If you see the following line, you can be sure that you are looking at a Joomla website:

<meta name="generator" content="Joomla! 1.5 - Open Source Content Management" />

Note

To prevent your website from showing the contents of the generator meta tag, add the following to your template’s index.php file on the line after the check to see if _JEXEC is defined:

$this->setGenerator();

This will not completely remove the generator meta tag, but it will remove Joomla! 1.5-Open Source Content Management from displaying. We cannot completely remove the tag without a hack since the shell of this meta tag is hardcoded in the framework.

/administrator

It’s too easy, right? Just like you type /administrator at the end of your domain name URL in order to access the Administrator Backend, so do all other Joomla users.

If you see a Joomla Administrator login screen, you can confirm it’s a Joomla website.

Note

Unfortunately, there is no easy way to change the administrator directory. You can password protect the administrator folder, but if someone types /administrator and gets a password-protected folder, they will be able to conclude that you are likely running a Joomla website.

tp=1

We just discussed this feature in detail in the section called “View All of the Module Positions” in Chapter 9, Modules. Go to http://www..com/index.php?tp=1.

If you see module positions overlayed on the screen, the site is a Joomla website.

Note

For directions on preventing this check from working on your site, please refer to Chapter 20, Security.

Check for Default Joomla Template

By adding the template= parameter to the end of a Joomla URL, you can change the template for that page. If it works, the person is using a Joomla website.

Navigate to one of the following URLs:

Note

For directions on preventing this check from working on your site, please refer to Chapter 20, Security.

View a Core XML File

Joomla uses XML files to install components, manage parameter types, and more. If we are able to pull up a core XML file, it can be assumed that the website we are viewing uses Joomla.

Go to http://www..com/administrator/components/com_content/content.xml.

Note

For directions on preventing this check from working on your site, please refer to Chapter 20, Security.

View the robots.txt File

Since all Joomla websites have a robots.txt file, this is an easy one to test.

Navigate to http://www..com/robots.txt.

If you see they do have a robots.txt file, compare it with the text below. If it matches, you are looking at a Joomla website:

1 User-agent: *

2 Disallow: /administrator/

3 Disallow: /cache/

4 Disallow: /components/

5 Disallow: /images/

6 Disallow: /includes/

7 Disallow: /installation/

8 Disallow: /language/

9 Disallow: /libraries/

10 Disallow: /media/

11 Disallow: /modules/

12 Disallow: /plugins/

13 Disallow: /templates/

14 Disallow: /tmp/

15 Disallow: /xmlrpc/

Note

To disable this on your website, delete your robots.txt file. Even though this sounds like an easy thing to do, we don’t recommend it. We think the benefits of having a robots.txt file outweigh the downsides of not having one. More information on robots.txt can be found in the section called “Blocking Search Engines”.

View Their configuration.php-dist File

Since all Joomla websites come with a configuration.php-dist file, this is another easy one to test. Navigate to http://www..com/configuration.php-dist.

Note

To disable this on your website, delete your configuration.php-dist file. After installation, this file is no longer needed, so there’s no harm in deleting it.

Using Joomla

Learn more about this topic from Using Joomla.

With Joomla, you don't need to have any technical expertise or web design experience to create effective websites and web apps. Whether you're creating your first website or building a multi-function site for a client, this book provides straightforward, hands-on instruction that makes it easy to learn this open source web content management system.

See what you'll learn


Tags:
0 Subscribe


1 Reply

 : Mar 30 2010 08:06 PM
Do you have a similar solution for drupal? I know drupal will have a user log in at domain/user that looks very different from others but thats not fool proof.
Nicolewelsh