Has anyone here had their joomla site hacked?
-
-
- William E Dooley
- Elite Rocketeer
- Posts: 740
- Thanks: 1
- Web Developer
-
I got up this morning and logged on to my site to try and finish up a few loose ends so that I can officially launch it this weekend. I was greeted ba a "you have been hacked" page, not a good start of the day! I had a very similair attack a few months back, but it was on a site that I had installed joomla on and that was about it, it had a fresh install, no actual work had been done on the site, so I emptied the ftp directory, reinstalled joomla and didn't think about it again until this morning. I was a little panicked this morning, but then I realized that no damage had really been done, they replaced the index.php page and added an index.html page, and that was it. Luckily it was the joomla root directory index.php file and not my template one that I had highly customized. So all I had to do was delete the index.html file and replace the index.php file with the one in the joomla install folder. Question is, how to stop this from happening again? Anyone had this happen to them? I noticed when I did a google search for the name of the group that was on my front page, there were a few results coming from the joomla forums, but noone really seemed to have a solution to stopping it from happening. There was also a url on the page that the hackers put up on my site, so I went there, and it had a list of the sites they had hacked. There were over 300 sites listed as being hacked today, march 13th 2007 alone. The name of the group is DENGESIZ TEAM, and the site url on the page was
http://www.dengesiz-team.org
Anyways, has anyone here had this problem and know what the actually vulnerability is?
Thanks,
David Henderson
-
-
-
- James Spencer
- Preeminent Rocketeer
- Posts: 46340
- Thanks: 50
-
You will find that these are silly little kids who have download a script! It did not happen to mine but to a friends.
Luckily, I backup everything - James Spencer / Developer & Support / Hull, UK
-
-
-
- William E Dooley
- Elite Rocketeer
- Posts: 740
- Thanks: 1
- Web Developer
- I assumed as much, since they seem to be doing thousands of sitees a day, it must be a script. But does anyone know the vulnerability they are using so that we can prevent it?
-
-
-
- Matthew
- Hero Rocketeer
- Posts: 299
- Thanks: 0
-
A live (regardless of whether or not it has been launched) site should never be the only copy you have!
Servers crash, ISP backups are unreliable, and yes, sites get hacked.
If at all possible, develop a site on a local server (there are some decent standalone Joomla! servers). Failing that, use a development environment that lets you synchronize between the site and your system by FTP.
After a site has been launched, it should be backed up periodically, especially after major content updates.
Finally, check file permissions!
The most common path of attack goes like this:
1. You are on a shared hosting server.
2. Someone else on the server is running a script with a security hole, a week password, etc., and their account gets hacked.
3. Once they have access to any account on your shared server, they are able to access files/directories with a chmod of 777, and hack your site.
HTH - www.gofftech.com Web Design
-
-
-
- Bob Ateah
- Elite Rocketeer
- Posts: 4521
- Thanks: 0
-
If they uploaded an index.html page, wouldn't that mean that they have access to the server (username/ password)?If that were the case, I'd be a tad nervous.
It would be a biatch if these "hackers" (and I use that term loosely) site got hacked... just sayin', not suggesting...
Sorry to hear about this William. - The member formerly known as Roland Deschain
After your question is solved, please Edit your original post and choose the Solved message icon, thank you!
-
-
-
- James Spencer
- Preeminent Rocketeer
- Posts: 46340
- Thanks: 50
-
Matthew wrote:
3. Once they have access to any account on your shared server, they are able to access files/directories with a chmod of 777, and hack your site.
All mine are 755 - does that make it safer ??? - Last Edit: 17 years 8 months ago by .
- James Spencer / Developer & Support / Hull, UK
-
-
-
- Matthew
- Hero Rocketeer
- Posts: 299
- Thanks: 0
-
Roland Deschain wrote:
If they uploaded an index.html page, wouldn't that mean that they have access to the server (username/ password)?If that were the case, I'd be a tad nervous.
It would be a biatch if these "hackers" (and I use that term loosely) site got hacked... just sayin', not suggesting...
Sorry to hear about this William.
It depends on how the server is set up, and what the permissions are set to, but there are a number of scenarios in which they don't need the password to do this (force a poorly secured PHP file to remotely include another PHP file, for instance). - www.gofftech.com Web Design
-
-
-
- Matthew
- Hero Rocketeer
- Posts: 299
- Thanks: 0
-
James S wrote:
All my fine are 755 - does that make it safer ???
Yes!
No site is ever 100% safe, but the majority of site hackings could be avoided with proper file permissions. - www.gofftech.com Web Design
-
-
-
- Dave Goodwin
- Elite Rocketeer
- Posts: 1472
- Thanks: 4
- Howdy!!
-
Been hacked four times, three different sites. Each time the hacker came through an offending component that I used. Fortunately, I had a backup. I'm back in operation within 20 minutes of finding the hack. Joomla.org has a list of the offending extensions.
dave - "I'm an individual, just like everyone else."
-
-
-
- James Spencer
- Preeminent Rocketeer
- Posts: 46340
- Thanks: 50
-
Dave Gee! wrote:
Been hacked four times, three different sites. Each time the hacker came through an offending component that I used. Fortunately, I had a backup. I'm back in operation within 20 minutes of finding the hack. Joomla.org has a list of the offending extensions.
dave
Is there a specific link for that list of evil extensions ? - James Spencer / Developer & Support / Hull, UK
-
Time to create page: 0.054 seconds