Re: Hacked
-
-
- Andy Miller
- Preeminent Rocketeer
- Posts: 9919
- Thanks: 96
- Web Kahuna
-
We've never had any reports that the templates are vulnerable. However, the login module is based on the 1.0.12 version, and there were some things changed in the 1.0.13 login module. The problem is that changes are not backwards compatible, and from my quick comparison of the files, some session stuff was added but it don't really see any changes that would improve/deter hacking. The thing is the module is just a form that passes data to the framework. The framework does all the nitty gritty security stuff, so even if you used this 1.0.12 based login module I can't really see you could of been hacked through it.
Aside from that there's really not enough meat in this templates to abuse and hack through. It's much more likely it's related to permissions or brute force attack on a password.
-
-
-
- kimmc7arts
- Sr. Rocketeer
- Posts: 184
- Thanks: 0
-
I am so fed up with these hackers! And the time and sometimes money it takes to try and solve their aftermath. This is the last thing I want to do on New Year's eve. Everyone blames everything else and no one has come up with a solution.
This is a very simple situation. Joomla v. 13 and cool rockettheme template. Site with no traffic and no point of even hacking. Yet it gets hacked. I too had another site last month hacked from Turkey, but I was able to figure out the third party component. I don't know how it was done - I am just trying to find a solution and plug the hole wherever it is.
The only steps I am aware of to protect a site is to do what you can to not draw attention it is a Joomla site and keep the components up to date. If there is a vulnerability with the template, then I am also doing the community a service by trying to eliminate it as the source.
I will have to read all the documentation and see if upgrading to 1.5 is more secure. I don't even think this template comes in a 1.5 version. Again, I am frustrated by the hackers and not being able to stop this.
-
-
-
- Andy Miller
- Preeminent Rocketeer
- Posts: 9919
- Thanks: 96
- Web Kahuna
- It does have a 1.5 version and in theory 1.5 should be more secure that 1.0 because it has input filters on EVERYTHING.
-
-
-
- Andy Miller
- Preeminent Rocketeer
- Posts: 9919
- Thanks: 96
- Web Kahuna
- BTW, rockettheme has hack attempts probably at least once or twice a minute. I use a sophisticated security script for cpanel/whm that detects these attempts and locks out the IP. I really have found it's the only way to thwart these attacks.
- Last Edit: 16 years 10 months ago by Andy Miller.
-
-
-
- Joe K
- Elite Rocketeer
- Posts: 902
- Thanks: 0
-
John,
I had a site for a Volunteer Fire Company hacked last week. They used the site to then launch denial of service attacks on another site. When I check the stats log it was like a list of every third world country. Who would hack a site for firefighters? I think what they really do is search for sites using the third party component that is known to have issues.
I did some research and there are some great security measures you can take to protect your site, unfortunately it takes a little bit of reading and work.
-
-
-
- kimmc7arts
- Sr. Rocketeer
- Posts: 184
- Thanks: 0
-
I would greatly appreciate knowing the name of cpanel security script. I found a tool that blocks IPs by country in the .htacess file. It is here:
http://blockacountry.com/
.
I appreciate very much all the feedback.
-
-
-
- Andy Miller
- Preeminent Rocketeer
- Posts: 9919
- Thanks: 96
- Web Kahuna
-
www.configserver.com/cp/csf.html
Here it is.. i paid them to install it too..
-
-
-
- Steve Fletcher
- Rocketeer
- Posts: 55
- Thanks: 0
-
Time to create page: 0.057 seconds