I recently had several sites hacked and the only thing I can figure out is that I had not changed the default login user from "admin" and there is a known exploit out there that "tricks" your site into thinking you're still logged in as admin and then the hackers "force" a new password for the "admin" user ID if it's in the first (user ID 1 in MySQL jos_users table).
Go NOW to your site and make sure you change your default login name to something random with upper case/lower case/special characters, etc.
They went into my site, installed a Joomla app that gave them FTP access, uploaded some spam host PHP that allowed users in Russia to send thousands of spam messages per day via my hosting account - causing my whole webspace to get shut down by my host. A real PAIN.
Also make sure you use an FTP account and password for your Joomla site that ONLY has access to your Joomla "folder" or part of your webspace.
I'm certain that I read to do these long ago but figured "it won't happen to me". I was wrong.
Re: Change default login name - do NOT use "admin"
Posted 16 years 6 months ago
I'm not sure. Happened to me on 1.5.2. Any advice on how to prevent hacks in the future would be certainly appreciated. I had a client walk to their lobby to show one of their partners their nifty new website (that I had helped them with) only to get a big screen saying... "YOUR SITE HAS BEEN HACKED BY"... some "supposed" group in Turkey. Nice big Turkish flag flying and some grunge music playing full blast. Not a good day for me.