ROCKETTHEME IS CLOSING ON JUNE 30, 2025. As a thank-you to our community, enjoy 50% off all themes with the promo code THANKYOU before we shut down.
Read our Farewell Blog Post for more details.
hacked sites with newest joomla
-
-
- G.P.P
- Rocketeer
- Posts: 56
- Thanks: 0
-
Hello just want to make a heads up
On my server I got around 100 domains with joomla sites on last week I got all the new
1.5 joomla sites hacked simultanios with a html page + they have now changed so I cant enter the sites even if I change the admin password in the Mysql
some of the sites I getting a XXS script warning on when trying to upload pics jpg on it.
I have looked over the modules and all are updated and those I dont use are not installed/removed
my webhotel stating its been hacked true the joomla site not true ftp or acces to my webhotelaccount
But all the old joomla is working fine
any tips how to make joomla more secure ? - pardon for bad english grammar, write a guide please.
-
-
-
- Invision
- Hero Rocketeer
- Posts: 261
- Thanks: 0
-
docs.joomla.org/Category:Security_Checklist
Well, i remember a tutorial somewhere, But cannot find it. It has a lot to do with .htaccess file. If you have a static IP you can disable other IP's frm entering the admin panel. Also, you can stop certain scripts/codes.
If/when i find them, Will PM you with it
for now you can refer the above as well as RT forums. There is a tutorial. Just search
- Apache Version 2.2.14 (Unix) | PHP Version 5.2.12 | MySQL Version 5.1.43-log | Architecture x86_64 | OS Linux | Joomla Version 1.5.20 | pHpBB v3.0.7-PL1 | Firefox v3.6.8 | Internet Explorer 8 |
-
-
-
- Frances Arden
- Sr. Rocketeer
- Posts: 156
- Thanks: 0
-
About 7 of my Joomla sites were hacked by "SecurityBus" about a week ago. The current sites were up to date but there was an old 1.0 site in a sub-folder that I'd forgotten about that gave access to my account and once in all the other sites could be attacked.
I thought I'd fixed everything - but 2 days later a phishing site was discovered by Google and my webhost on my account - and my entire account was suspended. So beware! Apart from the distracting hassle of all the index.php pages being altered and passwords being changed, something really nasty may be hidden in an obscure folder somewhere on your account.
After being hacked on a lesser scale 18 months ago, I always set up the third account on the site as a fallback super-admin account as it is usually the first admin account that gets attacked, and this way you can still get into your site and just delete the first admin account.
-
Time to create page: 0.074 seconds