Re: Hacked Joomla Site...
-
-
- Dave Goodwin
- Elite Rocketeer
- Posts: 1472
- Thanks: 4
- Howdy!!
-
I'm not sure that others here have experienced this, but a site that I administrate was hacked and the graphic announcing the hack was substituted. Fortunately I had a fresh backup and implimented the 'fix' that the Joomla.org Forum suggested. Everything is cool now.
But, another site, administrated by a diffetrent person who was still using Mambo, doesn't appear to have had a backup - is still having trouble after 3 days. The backup seems to be the fastest immediate fix, with other efforts to shore up security.
Has anyone else been hacked? What's your experience?
dave - Last Edit: 18 years 4 months ago by .
- "I'm an individual, just like everyone else."
-
-
-
- Youyou
- Elite Rocketeer
- Posts: 699
- Thanks: 0
-
I've never been hacked ;D
But it seems that the recents hack of joomla site are caused by critical security fail of the components SimpleBoard, Joomlaboard and ExtCalendar.
It is strongly advised to suppress or desactivate these components (and their modules ...).
-
-
-
- Dave Goodwin
- Elite Rocketeer
- Posts: 1472
- Thanks: 4
- Howdy!!
-
From what I understand, Joomlaboard is only a problem if you upgraded from Simpleboard. Simpleboard shows vulnerability. A fresh install of Joomlaboard, without ever installing Simpleboard seems to be safe.
The ExtCalendar2 shows vulnerability. I still have that component active. I've been looking at Thyme as a replacement for the calendar.
What really helped me was having a fresh backup. Another person in the area is still trying to crawl out from under the hack. He doesn't seem to have a backup and is resorting to various excuses without admitting that he just didn't have a backup. Having a site up does take real committment.
dave - "I'm an individual, just like everyone else."
-
-
-
- Youyou
- Elite Rocketeer
- Posts: 699
- Thanks: 0
-
Another person in the area is still trying to crawl out from under the hack. He doesn't seem to have a backup and is resorting to various excuses without admitting that he just didn't have a backup.
If he hasn't done backup manually and can't found the automatic backup on his serveur, he can ask his hebergeur to get the few last automatic backup.
-
-
-
- Raymond Basso
- Sr. Rocketeer
- Posts: 165
- Thanks: 1
-
I removed ExtCalendar2 from two sites that I have and replaced it with the calendar function of SMF forum. Not as good as ExtCalendar2 but it works. Nobody complained about the change. I did this when I upgraded fifteen of my sites to Joomla 1.0.10. No problem with the upgrade.
I am lucky that I have not had a hacking problem. I do limited web hosting for other people on my servers but I have very strict rules about any php program on the servers. I don't allow any php programs to be installed on my servers unless I am the one that does the installing and I make sure they are constantly upgraded.
I once had one of my servers hacked and they broke in through a poorly constructed bit if php, on a hosting account. It was a real pain and the strict rules went in place at that time. There still are no guarantees. No matter how careful and good you are there is always a bad guy that is smarter and better. All we can do is make it hard for the bad guys to mess up our work. I just don't tolerate programs that do not have the latest security patches installed constantly. I also keep redundant backup of everything all the time.
Ray - Last Edit: 18 years 4 months ago by Raymond Basso.
-
-
-
- Dave Goodwin
- Elite Rocketeer
- Posts: 1472
- Thanks: 4
- Howdy!!
-
Raymond Basso wrote:
I don't allow any php programs to be installed on my servers unless I am the one that does the installing and I make sure they are constantly upgraded.
Hi Ray, how many of your sites are run with PHP? Do you have any non-PHP sites?
dave - "I'm an individual, just like everyone else."
-
-
-
- Raymond Basso
- Sr. Rocketeer
- Posts: 165
- Thanks: 1
-
I do all kinds of hosting. I have three servers one of them is a windows server that I don't sell any web hosting on it. I use it for personal stuff mainly a MS SQL server that runs a banner advertising network I have. The other servers are apache type servers but I really don't look for web hosting accounts. Mainly I host my clients web page I made for them. I sell just enough outside web hosting to pay for the servers cost of having the three servers.
I have just about stopped making web pages for clients. At least I don't look for the business. All I do now is make web pages for myself so I can make money off of the advertising on them. I am trying to make three good web pages a month for myself. About 95% of my own web pages have PHP programs on them. I got into the hosting business because some of my web pages were so big and doing so much traffic the hosting fees were killing me. At that time I got one dedicated server and then another and another. It’s not much harder to take care of three server than it is for one.
I have mentioned before that I don’t want to solicit any business on this forum. Making three good web pages a month for myself is a lot of work. I have about twenty now and plan to stop when I get to 100.
Ray
-
-
-
- Dave Goodwin
- Elite Rocketeer
- Posts: 1472
- Thanks: 4
- Howdy!!
-
Ray, I know this is off topic, but how do you optimize the websites for search engines?
I've been studying this issue for a couple of years and have tried the different solutions for Joomla, but I had always found they disabeled other important functions of the site. I end up taking them off my sites and just settled for the '.htascess' and turning on the SEF button in Joomla.
If you want to take this issue on PM, that will be fine.
Thanks, Ray.
dave - "I'm an individual, just like everyone else."
-
-
-
- Raymond Basso
- Sr. Rocketeer
- Posts: 165
- Thanks: 1
-
I have been very interested in Search Engine Optimization since 1994. That is when I first found Yahoo and I wanted my web page (one) listed on it. I have been fairly successful even to the point of selling my SEO advice to client over the years. Most all of my web pages rank very high for the key words I want the to rank high with.
I am relative new to Joomla but I have found that basic SEO principles linked the modern technology make it easy to get good results with Joomla sites. The two items you mentioned .htaccess and Joomla Search Engine Friendly URLs are two things I don't pay any attention to.
I don't mind talking about this here because SEO is going to the subject of an up-coming web page I will be building. I have to finish a Podcasting tutorial tomorrow and an online cookbook next week and then I start on the SEO page. I have found that one of the most important items in SEO is to define the key words or key word phrases your are aiming your web for in the beginning. That is when you select the domain name. You want your keyword or key word phrase in the domain name. An example is I wanted a web site to list some of my barbecue podcasts on and I wanted to list other peoples podcasts on it. I wanted it to be a listing of BBQ Podcasts. So I picked the name www.bbqpodcasts.com that is as good as you can do. Briefly I then did the following things when building the web page.
1. In Joomla's global configuration I added the correct meta description, and key words. I also did this on every page I added to the web sites content pages. I also made sure the content of each section had some but not too many keywords in it.
2. Because it's a Joomla site it has RSS Feeds. So when the page was finished I submitted the RSS feeds all over the internet.
3. I added a Google Site map to the site and everyone should add a Google Site map to every web page.
4. If you have room in your account with Google Analytics you should add this to your web page. Google says that this will do nothing get you a better listing but from the data I have, it does.
5. Because the site has a lot of my podcasts on it I had already made sure they were submitted all over the internet. Putting a podcast on a web page and getting that podcast listed in Itunes and everywhere else you can helps.
6. Then I submitted the web page to all the major search engines.
Within two weeks I was number one on Google when you search for the key word phrase "bbq podcasts"
Other brief tips on SEO:
Read the information Google has on SEO they have a web page and don't do anything they don't like.
Have good content in your web pages and change it often. Don’t try to cheat the search engines with things like link farms, doorway pages, redirects etc. The will catch you and ban your web site or bury it so far down in the rankings no one will ever see it. Pay attention to what the search engines tell you they want in a web page especially Google.
Get as many good related sites to link to you. (don't try to cheat the search engines with this
If possible add a line of about eight words to lots of your content pages that are heading tags Exp: <h5>dfdfjddsf</h>
Remember at this time search engines love sites that have RSS Feeds, podcasts, lots of relevant content that changes fairly often.
Don't select a key word that is too hard to get good ranking on settle for key word that will just get you traffic. An example of this is the site I mentioned is number one when search for "bbq podcasts" but is not in the top 30 + on the key word "bbq" BBQ is a very hard and sought after word to get in the top 30 while "bbq podcasts" got me a number one and some traffic quickly. I do have sites that are ranked #9 and #19 at this time on the tougher keyword BBQ but it took a long time. Also these things change from time to time and you really have no control on that.
Ray
-
-
-
- Mame du Bois
- Sr. Rocketeer
- Posts: 179
- Thanks: 0
-
Don't select a key word that is too hard to get good ranking on settle for key word that will just get you traffic. An example of this is the site I mentioned is number one when search for "bbq podcasts" but is not in the top 30 + on the key word "bbq" BBQ is a very hard and sought after word to get in the top 30 while "bbq podcasts" got me a number one and some traffic quickly. I do have sites that are ranked #9 and #19 at this time on the tougher keyword BBQ but it took a long time. Also these things change from time to time and you really have no control on that.
This is the only thing I disagree on. Generally, people create sites on a specific subject which in turn reflects the keywords.
Unless you are creating sites purely to generate traffic and take advantage of the traffic, then your keywords are already defined. It's pointless targetting easier keywords if less people are searching for that term in the first place. I expect the harder the keyword is to get ranked the more traffic is at stake. This goes back to my point of view that if a keyword is particularily hard to get a good ranking from SEO copy alone, then spend the money and pay for sponsored search results.
A site I have just had debut at #3 in Google and #1 in Yahoo & NineMSN for my main two keywords ranks low on the two terms individually. I believe this is because the two terms individually are 'hard' keywords, but when combined I had little competition. I am confident I will be able to take Google #1 with little effort (although I am quite happy with anything on the first page.) When you search with the two words together you I will use quality link aquisition to start with along with some trade publication print advertising. If we still don't rank on the first page of results then I will use sponsored links.
I will qualify my statements above by noting that my sites audience will be fairly limited. Our first tier target audience is a city with a poplutation of 90,000 and people intending to visit the city. As such, taking adantage of local print and tv media will be easy and very cost effective. In addition to the local audience, the 2nd tier target audience is national. National trade advertising for my particular audience in Australia is cheap. I can take a 1/4 page, full colour ad out in national magazines for around $200AUD which is brilliant. Our 3rd tier audience is international visitors coming to the region. I anticipate the efforts of tier 1 and tier 2 will filter through to tier 3.
I have a question for you, do you think it would be an advantage to rename the slice names for the template? I have read that file names and alt tags help can help improve search engine ranking. I am not sure if you could make use of slice alt tags but renaming slices would be easy enough.
Kind regards,
Mame du Bois - "Be careful about reading health books. You may die of a misprint." Mark Twain
-
Time to create page: 0.052 seconds