0
Welcome Guest! Login
0 items Join Now

Hacked within first 2 minutes of Joomla install

Last Post
Search Topic
    • GollumX's Avatar
    • GollumX
    • Elite Rocketeer
    • Posts: 2817
    • Thanks: 0

    Re: Hacked within first 2 minutes of Joomla install

    Posted 17 years 6 months ago
    • sorry to hear that natalie.

      Scary to hear your host does not provide logs. Usually even shared hosts must have logs, even if it's cleared every 24hrs. Personally, no logs would be a deal breaker for me and i'd find another host.

      I recommend you change every password associated with the account... email passwords,cpanel,FTP,MySQL.

      Good luck Natalie
    • Say no to Internet Explorer 6.
      twitter.com/mark_up
    #63249

  • Re: Hacked within first 2 minutes of Joomla install

    Posted 17 years 6 months ago
    • Servage has been pretty responsive so far, and they seem to be keeping an eye on things, so I'm cutting them some slack for now.

      Since zero configuration had gone into the site, i don't have a lot to lose right now except for aggravation. There are just a few temporary html pages on the front and i have backups of those. No email addresses or anything had gotten set up. Didn't even get that far before getting hit on the head -- BANG!!
    #63255
    • GollumX's Avatar
    • GollumX
    • Elite Rocketeer
    • Posts: 2817
    • Thanks: 0

    Re: Hacked within first 2 minutes of Joomla install

    Posted 17 years 6 months ago
    • Have you scanned your PC for virii, trojans and other malware?

      You could have a keylogger installed.
    • Say no to Internet Explorer 6.
      twitter.com/mark_up
    #63269

  • Re: Hacked within first 2 minutes of Joomla install

    Posted 17 years 6 months ago
    • Good point, Gx -- I'm scanning now... I have up-to-date antivirus software, and my computer is an Intel Mac *without* Windows installed, but certainly anything is possible...
    #63276

  • Re: Hacked within first 2 minutes of Joomla install

    Posted 17 years 6 months ago
    • Finished the scan. No viruses... And my FTP situation got cleared up. Not sure what the issue was -- maybe a combination of my changing passwords and my host trouble shooting at the same time and/or cache problems. Don't know that I'm in the clear with all this yet though. A couple of other items my host is still looking into.

      Peter - were you suggesting that I should post the responses to the security checklist here? Or just that I send it to security [at] joomla [dot] org? (Wasn't sure which 'forum' you meant) Thanks, as always :)
    #63367

  • Re: Hacked within first 2 minutes of Joomla install

    Posted 17 years 6 months ago
    • If you found no issues than no need to report.
    • VirtueShop
    #63371

  • Re: Hacked within first 2 minutes of Joomla install

    Posted 17 years 6 months ago
    • Okay, doing much better now. As far as I can tell, the issues have been resolved.

      A few important things to know about Servage hosting (for anyone out there who is using them):

      1. Servage uses cluster servers and this means that it is not possible for them to retrieve server logs relating to a specific domain. (My bad. I should have realized this before signing up with them.)

      2. Change your FTP password and client account password BEFORE attempting a Joomla install. Note that the FTP and client passwords have to be set separately in the Servage account admin interface. (See "FTP accounts" and "Your account" sections.)

      3. If you use their auto-install function (which I wouldn't recommend), be aware that the default CHMOD for all Joomla folders is 777. It seems that this is what allowed my site to get hacked so quickly after install.

      4. If you install into a subfolder, don't call that subfolder "joomla" -- call it something else "joom1" or whatever. Might also have been a reason why the hackers found me so quickly. Not sure.

      5. You have to set register_globals through the Servage client admin interface. Click on Web Server -> Advanced. You cannot edit register_globals directly through the globals.php file.

      6. You will not be able to edit any of your global configuration settings unless you temporarily switch the CHMOD for configuration.php to 777. (Be sure to switch it back to 644 when you're done.)

      7. You cannot install any extensions unless safe mode is turned off. To temporarily turn safe mode off, go to Servage's client admin interface and click on Web Server -> Advanced.

      8. Servage does not have any support forums to search and their FAQ offering is limited (relating to Joomla, it's non-existent). This means submitting a support ticket any time there is a question or issue.

      I chose Servage for a variety of reasons -- my client had very specific requirements about payment options, the host had to be in Europe, preferably Germany, but the site had to be in English, etc. Also Servage was recommended on one of the RT posts here so I decided to give them a try.

      Overall, I will give them credit for being responsive, and ultimately it seems (for now at least) that the issues have been resolved. But from the perspective of their being knowledgeable about Joomla and how their system works with it, I would say there's room for improvement. Many of the installation problems I had could have been addressed with a simple FAQ relating to their specific setup for Joomla. And on my side, maybe I should have known to look for these things in advance, or maybe I should never have tried the auto-install in the first place. Live and learn. Anyway, I offer the above info for the benefit of others. Here's knocking on wood that there are no repeats of the last 24 hours in store for me or for any of you any time soon... Thanks to all for your support and patience.

      Natalie
    #63545

Time to create page: 0.055 seconds