
Joomla Admin Security Best Practices Since Recently Hacked?

    • oj09
    • Hero Rocketeer
    • Posts: 395
    • Thanks: 0

    Joomla Admin Security Best Practices Since Recently Hacked?

    Posted 12 years 5 months ago
    • Hi All,

      I created a site running Joomla version 2.5.7 that was recently attacked; this was brought to my attention by my hosting company.

      They requested that I delete ALL files and folders within my public_html/ directory, which would clear the issue, and then I could re-upload my site/files from a previous site backup. They told me that the attack was a 'Permanent Server Process', although I have never come up against this kind of issue before, so I don't even know where to begin understanding what happened, how, why, and how to try to limit it happening again.

      However, I do have the following security measures installed / selected within my 2 Joomla sites:

      Admin Exile Plugin, which enables me to activate a much harder to crack Admin URL than just the standard /administrator/ one; only once the right credentials are submitted will it send me or anybody else to the standard /administrator/.

      Admin Tools Core 2.4.1 Extension, which has several great features, as I'll detail below:
      Firstly I've selected 'Master Password', with which you can lock many Admin Tools features, in effect locking down the whole extension.
      I've also activated 'Password Protected Administrator', which is described as: "This feature will password-protect your administrator area using .htaccess files. Your server must support this type of password protection."
      I've also used the 'Super Administrator ID' feature, which enables me to change the default super admin ID that comes as standard with Joomla, again another feature to just help try to secure your install as much as possible.
      I also changed the 'Database Prefix' from the standard Joomla one.
      There are some other features like Permissions Configuration, Fix Permissions, SEO and Link Tools, Clean Temp-Directory, Change Database Collation, Repair & Optimise Tables, and Purge Sessions.

      I was advised by my host to do the following;
      - Remove any install files
      - Check your directory permissions with 'Check Site Permissions' in eXtend, and correct any that are too high
      - Create or update your php.ini / php5.ini file to include the directives:-

      allow_url_fopen = 0
      allow_url_include = 0

      I did all 3 of the above on both of my Joomla-based sites.

      I also changed the main ftp account password to a quite lengthy one, mixed with upper case and lowercase letters, numbers and multiple symbols.

      I also changed the main joomla administrator account passwords, again like the above main ftp account password.

      I also use the 'Akeeba Backup' extension and to go with this, I also manually backup my site files and DB files, just to make sure.

      My host also gives you an 'FTP Lock' which even I cannot access with the correct login details if it's set as locked. I can unlock for 1 hour (Recommended) or 4 hours, 1 day, 7 days or 28 days, of which the latter two are not recommended by my hosting company.

      I also have my configuration.php, php5.ini, .htaccess.txt permission set as '644'.

      So people, what else can I or should I be doing to secure my Joomla installs?

      Am I missing anything that I'm not currently aware of?

      I will be very grateful to anybody who can help me tighten things up, to try and limit the recent attack from happening again. I do know we can't stop it 100% from happening, but I don't want to be going through the recent nightmare too often lol!

      Regards,
    • Who?
    • Preeminent Rocketeer
    • Posts: 25562
    • Thanks: 613
    • Joomla freelancer

    Re: Joomla Admin Security Best Practices Since Recently Hacked?

    Posted 12 years 5 months ago
    • You can also try to use the RSFirewall extension. It helped me a few times in the past 8)
    • Check my services at: Mihha-Vision
    • oj09
    • Hero Rocketeer
    • Posts: 395
    • Thanks: 0

    Re: Joomla Admin Security Best Practices Since Recently Hacked?

    Posted 12 years 5 months ago
    • Hi Igor,

      I will look into that extension in a short while, thanks for the heads-up on that.

      In the meantime, from what I've detailed above... do you think I'm getting a good enough handle and doing a fair amount of securing my joomla sites?

      Is there anything else you think I may have overlooked / missed from my list above?

      I know none of us will ever get anywhere near 100% secure, that just doesn't happen but I'd like to get as close as possible without it costing me an arm and a leg also... I don't fancy needing to ask the bank manager for a loan lol.

      Regards,
    • Who?
    • Preeminent Rocketeer
    • Posts: 25562
    • Thanks: 613
    • Joomla freelancer

    Re: Joomla Admin Security Best Practices Since Recently Hacked?

    Posted 12 years 5 months ago
    • Seems ok to me. As you said, you just can't be 100% safe from attacks, unfortunately :cry:
    • Check my services at: Mihha-Vision
  • Re: Joomla Admin Security Best Practices Since Recently Hacked?

    Posted 12 years 5 months ago
    • These are all things we do and suggest others do on our server. We also use and provide RSFirewall for Joomla customers. If you are on a dedicated server, also look into the ConfigServer Security package. I'm not sure if this can be installed on a VPS, and it's not available on shared hosting unless your host offers it.

      You may want to check your Joomla extensions. Sometimes an extension can cause holes in your security that you may not be aware of. Check your installed extensions against this list to double check: docs.joomla.org/Vulnerable_Extensions_List

      Good luck!! And look into the RS Firewall, we're happy with it so far...
