My Joomla has been hacked!

 June 27, 2010     0 Comments

If you suspect that your Joomla has been hacked, the first thing to check are the raw apache logs. Try searching them for suspicious client requests such as: - - [29/Oct/2008:06:07:30 -0500] "GET /index.php? HTTP/1.1" 200 10864 "-" "Firefox"

Unfortunately, it is not always that easy to find traces of a web attack and to decode it. Such a task may require an advanced developer to devote quite a lot of time. That's why you should know the most common reasons for a Joomla to be compromised:

1. The core Joomla installation is outdated. Previous versions have serious security vulnerabilities which can be easily exploited - make sure you update regularly and subscribe to their newsletter.

You can check your Joomla version by logging in your admin panel and looking at the top-right of the screen. There your current Joomla version will be specified.

2. Additionally installed components / modules are outdated.

This is a very common but, unfortunately, neglected problem. It is essential to keep track of all extra components / modules and make sure they are up to date. Check the addon's homepage for information about recent security issues and upgrade instructions.

3. Common misconfigurations which are known to open security holes:

- register_globals turned on in PHP's configuration - if turned on this directive allows easy variable poisoning; make sure to turn it off - all our servers have this off;

- allow_url_include turned on in PHP's configuration - if turned on it allows remote code to be included in your scripts; make sure to turn it off - all our servers have this off;

- using the default table prefix _jos. This opens the door for all MySQL injections; make sure you change your table prefix to something harder to guess using this component;

- RG_EMULATION turned on in Joomla 1.0.* - this directive emulates register_globals locally, a dangerous option; if enabled, you will see a warning right after you log in to your Joomla admin panel; you can switch it off by adding somewhere in the middle of the configuration.php file:

if(!defined('RG_EMULATION')) { define( 'RG_EMULATION', 0 ); }

Furthermore, here are a few more useful articles about Joomla hacks and prevention:

1. Prevent-and-recover-from-a-site-hack

2. Secure Joomla Module

3. Secure Joomla Firewall

4. Secure config.php

5. Joomla Administrators Security Checklist

6. Read our blog post

Laws Hosting provides secure Joomla hosting. We also install a special security plugin to all our customers free of charge, all you need to do is submit a support ticket.

How helpful was this article to you?

Powered by

FraudLabs Pro Secured Seal