HACKED. HACKED. HACKED!!
-
-
- oisin
- Newbie
- Posts: 16
- Thanks: 0
-
I went to my site today only to find a frontpage message saying HACKED BY SHOWHACKER - - WE ARE TURKİSH HACKERS
. I cannot login to the backend. A google search of this message shows only 3 items found, one is my site, the other is another Rockettheme template, I dont know what the other is. Any idea what is going on here and what I can do to prevent this?
Thanks
Oisin
-
-
-
- Brick
- Jr. Rocketeer
- Posts: 49
- Thanks: 0
-
I had a similar experience and it came back to a module that I had downloaded for an image scroller. I learned 2 important lessons:
1.) Always keep a back up of all files and frequent database copies (the deleted half my databases)
2.) Be cautious when installing 3rd party applications.
-
-
-
- oisin
- Newbie
- Posts: 16
- Thanks: 0
-
Thanks,
Can you give any pointers as to how I left myself exposed to this.
I had a lot of templates uploaded on that domain and quite a few third party extensions, I was using it for testing/learning basically.
Although it was Joomla 1.5 it was not the very latest release.
What other factors are relevant in keeping things secure
P.S. What do you recommend for backups
Cheers
Oisin
-
-
-
- Yves
- Preeminent Rocketeer
- Posts: 9214
- Thanks: 5
-
Last version is 1.5.8. All previous versions are at risk.
See Security Checklist: docs.joomla.org/Category:Security_Checklist
Backup component: JoomlaPack - Yves
-
-
-
- JEM
- Preeminent Rocketeer
- Posts: 17917
- Thanks: 4
-
Don’t depend on your host’s back up, while they might help in a pinch, if something happens to their back-up and you don’t have one… Also, most hosts only keep back ups for two or three days at the most, so if you don’t catch an error within that time frame you’re out of luck.
There are a lot of back-up solutions out there, one of which is pretty popular here, joomlapack. (Mentioned by Yves in the previous post)
www.joomlapack.net/
If you don't use a software solution to make back ups of your site, you can at least do the following if you have access to a CP with your host:
A) Create a new folder. For future reference it helps to have a date, something like my_site_11.17.08
Copy your Joomla folder, or the contents of it to the new folder.
C) Archive the folder and downloaded it to your local machine.
D) Through your CP, access MySQL and back up the database. Doing so will automatically download a copy to your local machine.
Do this on a regular basis.
How often depends on the content of your site, if it doesn't change much, than weekly or bi-weekly should be enough.
I guess a good rule of thumb is to decide how much data you're willing to lose in a catastrophe; while restoring from a back up on a static site may mean only having to replace a add a few articles, on an active site it could be a nightmare.
You should also back up your site before or after any major changes; upgrading a version, adding components, etc. - Thanks,
jim
-
-
-
- Kat05
- Preeminent Rocketeer
- Posts: 25898
- Thanks: 334
-
hi brick!
i had a local joomla install on my pc and half hour after installing an imageslider module my site did not work anymore, both frontend and backend made the browser give the message: apache http does not work anymore....
now i am wondering if we are talking about the same module here. if yes, we should leave a comment on extensions.joomla.org. the module i used is listed there.... - Kat05 / QA Lead & Support / Germany
-
-
-
- Brick
- Jr. Rocketeer
- Posts: 49
- Thanks: 0
-
Hi Kat,
I totally agree. Its sad that people spend time doing nothing but ruining other people's work. The module image slider I used was Ignite Gallery. In everything I have found on the hacked site it points to this module being the issue.
An interesting side note. As I was rebuilding the site I downloaded what was left of the database to my computer. I opened it in dreamweaver, hoping I could pick out some of the content so I wouldn't have to retype everything.
When I previewed the content (using the 'design' tab) a was met with a large image telling me that I had been hacked and even gave the hackers signature! I have attached that image.
Also, Jem, thanks for the heads up on the backups. I checked up on it and my host doesn't keep my backup database very long so I went in and downloaded a copy to my computer.
Im determined not to be affected by these annoying hackers anymore.
Best wishes!
-
-
-
- Ben Lee
- Elite Rocketeer
- Posts: 4193
- Thanks: 42
-
I've been trying to run a thread that has a lot of updates for code things per version as well as security notes links. You might find some helpful information there.
Every time I come across a good reference to something that helps prevent this, I try to make a note of it. I'm going to be keeping all of my notes in this thread from now on:
http://www.rockettheme.com/forum/index.php?t=46753&rb_v=viewtopic
Since reading through the links I have posted and reading posts like your's, I structure all my sites around being Native Joomla 1.5 components and I always try to download them from reputable sources. If it's Rockettheme or Rocketwerx I trust it, but if it's something I don't know, I'm very leary.
Thank you for sharing though. You sharing your unfortunate experience will undoubtedly save someone else from suffering the same thing!
-
Time to create page: 0.093 seconds