Site Hacked
-
-
Over the weekend, my church's website was hacked. As of right now, there are two things that I know happened:
First, the front page of the site was replaced with a "Turkish Hacker" page. Second, all of the user accounts in the site's database were renamed and given random passwords.
I've restored the web site pages from a backup and corrected the user account information. I've already taken the step of changing all the passwords in the database - including the root MySQL password, just in case. The site appears to be running normally - no evidence of heavy load or additional applications running, etc.
As of right now, I haven't discovered the point of entry, so I'm not sure how to defend against it. I can find no evidence that the hack extends beyond the website and its database, but there may be hidden things that I can't easily find.
My question to the group is: has anyone else experienced something like this and if so how are you preventing it from happening again?
FYI: The system is an Ubuntu 8.04 custom LAMP setup running Equinox in Joomla 1.5 (from a rocket-launcher). The system was updated last in July. It's currently running v 1.5.1 of Joomla (which I think came as part of the rocket launcher download).
-
-
-
- Yves
- Preeminent Rocketeer
- Posts: 9214
- Thanks: 5
-
You should update to latest version:
Joomla 1.5.7
.
Joomla Administrators Security Checklist: docs.joomla.org/Joomla_Administrators_Security_Checklist - Yves
-
-
-
Yves wrote:
You should update to latest version: Joomla 1.5.7 .
Before I could do this, I got hacked again!!
But, I am now running the latest code. I'm reading the checklist now.
Hopefully I can keep things running long enough to get it right.
-
-
-
- Yves
- Preeminent Rocketeer
- Posts: 9214
- Thanks: 5
- Install jSecure Authentication , it prevents access to administration login page without appropriate access key.
- Yves
-
-
-
- Jason Keys
- Newbie
- Posts: 9
- Thanks: 0
-
Same happened to me on the old version you are using, dont despair and if you cant get into your admin section because they have changed your admin password, go into myphpAdmin and run this query to change your admin password; in a text editor, replace 'newpass' with your new password and paste it in to the query string.
UPDATE `jos_users` SET `password` = MD5( 'newpass' ) WHERE `jos_users`.`username` = "admin" ;
Then patch/upgrade your version to the latest! To easy. - Yes Yes Yes! I Get it! Firebug is great AND saves time!
http://www.websitesforsmallbusiness.com.au
-
-
-
- Joe Sonne
- Sr. Rocketeer
- Posts: 147
- Thanks: 0
-
Yves wrote:
Install jSecure Authentication , it prevents access to administration login page without appropriate access key.
Now that is sweet!
Thanks for the pointer. - Take it to the edge.
-
-
-
Just FYI - I updated the site to the latest version of Joomla and (knock on wood) no re-hacks. The site's been up for more than a week now. I'll keep my finger's crossed and my eye on the security notice mailing list.
Thanks for all who helped.
Kevin
-
Time to create page: 0.060 seconds