Hacking attempts immediately after RT template update
Posted 10 years 3 weeks ago
I use Admin Tools to watch for incorrect admin login attempts, among other questionable site activities.
Curiously, after updating 2 sites to 1.9 Clarion, multiple incorrect admin login attempts happened simultaneously? All attempts used "admin" as the username. Both sites tried the same 3 passwords???
This is too much of a coincidence for me to ignore.
Q: Why would an RT template update trigger this negative attention to my sites?
Q: Should I be doing something to help shield my sites from this issue?
Re: Hacking attempts immediately after RT template update
Posted 10 years 3 weeks ago
It wouldn't.... it's a coincidence... unless you've already been exploited (your site or your server) and the exploit was monitoring for site changes and attempted logins after it noticed them...
There's lots of stuff out there concerning Joomla security that you can read up on... adding a secret word to the admin area via Admin Tools (/administrator?secretword) is a good place to start...
SEARCH the forum first! These boards are rich in knowledge and vast in topics. This includes searching just the 'Solved' forums, using Google, and using ChatGPT
Re: Hacking attempts immediately after RT template update
Posted 10 years 3 weeks ago
I'd reason a guess there's some stuff available in the JED, but I haven't used any plugin of the like...
You can use programs like WinMerge to do large diffs on folders and files... basically... if you have any file in your Joomla files that doesn't match the current release file, then you should inspect it and be wary...
Similarly you can do a diff on your templates files against the current release you download from us...
If I ever expect something might be up I do a quick scan (usually via FTP first... via shell if I'm more concerned and want to look at ALL the files) by File Modified Date... if I notice a file has changed recently, whereas all of its neighbors have an older date, then I know something malicious might be up....
Knowing the basic Linux commands to show all files' modified dates and grep by a specific date pays dividends in this regard...
Generally speaking exploits get in through whatever file they can get in through and then they target your template's index.php to display whatever malicious code they want live on your site... some lurk elsewhere, but most exploits want to publish live content and your index.php is the best place for that...
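The two checks described in the post above (files newer than their neighbors, and a diff against a clean copy of the release), written as shell functions. This is an added example, not part of the original thread; the paths in the usage comment are placeholders, and GNU find is assumed.

```shell
#!/bin/sh
# Added example: two integrity triage checks for a Joomla docroot.
# Usage (placeholder paths):
#   recent_outliers /var/www/site 7
#   diff_against_release /var/www/site /tmp/clean-release

# List files modified within the last DAYS days that live in a directory
# containing at least one file older than that window, i.e. files that are
# newer than their neighbors. Filenames containing newlines are not handled.
recent_outliers() {
    root=$1; days=$2
    find "$root" -type f -mtime "-$days" | while IFS= read -r f; do
        dir=$(dirname "$f")
        # One older sibling is enough to make the recent file stand out.
        if [ -n "$(find "$dir" -maxdepth 1 -type f -mtime "+$days" | head -n 1)" ]; then
            printf '%s\n' "$f"
        fi
    done | sort
}

# Compare the live tree with a freshly unpacked copy of the same release.
# Prints "changed <path>" when content differs and "added <path>" when the
# file exists only on the live site. Legitimate local files (configuration,
# uploads) also show up as "added" and need a manual look.
diff_against_release() {
    site=$1; clean=$2
    ( cd "$site" && find . -type f | sort ) | while IFS= read -r rel; do
        if [ ! -f "$clean/$rel" ]; then
            printf 'added %s\n' "$rel"
        elif ! cmp -s "$site/$rel" "$clean/$rel"; then
            printf 'changed %s\n' "$rel"
        fi
    done
}
```

Mtime alone is only a first pass, since modification times can be reset after a file is written; the content comparison does not depend on timestamps.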