1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

My Joomla Site Just Got Hacked

Discussion in 'Security' started by miktor, Mar 14, 2007.

  1. #1
    Hi, today two, yes two, of my not popular sites were hacked by "Xx-DEPREM-xX." I have no idea how this happened. First hack was on my image hosting site (uploading.cc) which has only been open for about a week and barely any visitors. That site I do not really care about since I needed a better script anyways. Moving on, I just checked my Joomla site (forumclique.info) which again is fairly new, only 2 months or so, and barely any visitors. I went to the homepage and saw that it had been hacked. There was the hacker's image saying that the site had been hacked. It is still there if you want to take a look at it. I am thinking it was a CSS attack although I am not sure. I am able to login to the admin panel but changing the template of the site does not help. I spent a lot of time tweaking little things in that joomla installation to make it just right so reinstallation is not an option unless one of you can tell me which files to back up. If this happened to me I am pretty sure other sites have been hacked as well. :mad:

    I'll appreciate any help!

    -Mike aka miktor
     
    miktor, Mar 14, 2007 IP
  2. miktor

    miktor Peon

    Messages:
    560
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #2
    I fixed my site and for anyone else who might have been hacked by the same idiot, I just downloaded the Joomla installation package and only uploaded the index.php file onto my server.

    Although my site has been fixed, I am still curious of how the site was hacked. If any of you would like to see the hacked index.php file just go to forumclique.info/hacked/index.php

    I am pretty sure my secuirty habits were not an issue since my computer is 100% virus/spyware/adware free and I am the only one who uses it. I never login to my websites or ftp from anywhere else but my computer. This is just too wierd.

    -miktor
     
    miktor, Mar 14, 2007 IP
  3. sacx13

    sacx13 Active Member

    Messages:
    438
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    58
    #3
    Joomla just get the old bugs from mambo ... Always Joomla/Mambo had this problems ... Just update your site everytime when a security update appears and I think will be ok ...

    Regards
     
    sacx13, Mar 14, 2007 IP
  4. Michelangelo

    Michelangelo Peon

    Messages:
    1,240
    Likes Received:
    47
    Best Answers:
    0
    Trophy Points:
    0
    #4
    So what do best to avoid hacking, any I software you know?
     
    Michelangelo, Mar 14, 2007 IP
  5. sacx13

    sacx13 Active Member

    Messages:
    438
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    58
    #5
    sacx13, Mar 14, 2007 IP
  6. Michelangelo

    Michelangelo Peon

    Messages:
    1,240
    Likes Received:
    47
    Best Answers:
    0
    Trophy Points:
    0
    #6
    Thanks for the link, very helpful.
     
    Michelangelo, Mar 14, 2007 IP
  7. codeassist

    codeassist Peon

    Messages:
    267
    Likes Received:
    15
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Miktor provide me with the Raw access Logs by PM please.
     
    codeassist, Mar 14, 2007 IP
  8. nikg

    nikg Well-Known Member

    Messages:
    642
    Likes Received:
    25
    Best Answers:
    0
    Trophy Points:
    120
    #8
    If you are on shared hosting maybe he used some other account to reach your files.

    Some things you have to take into consideration when building a joomla site are the following:

    Don't leave any dirs with 777 permissions. I you need to install a component or module chmod the required dirs to 777 and when you are done chmod them back to 755

    same for configuration.php set 444 permisions to it

    if you use any extra components/modules make a search first to find out if they have any vulnerabilities, especially if they are old. There is a big list of vulnerable componets.

    Leaving dir permissions to 777 is a secutity risk
     
    nikg, Mar 14, 2007 IP
  9. miktor

    miktor Peon

    Messages:
    560
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #9
    i am using godaddy and i do not know how to get those with the provided hosting control panel. i had another hosting account with globat which had that feature but i have not seen it with godaddy
     
    miktor, Mar 14, 2007 IP
  10. toby

    toby Notable Member

    Messages:
    6,923
    Likes Received:
    269
    Best Answers:
    0
    Trophy Points:
    285
    #10
    mike, that is not pleasant experience you have m8. I had mine the other time as well. What i did was to remove the site to another server and fix my script.
     
    toby, Mar 16, 2007 IP
  11. funtoosh

    funtoosh Active Member

    Messages:
    415
    Likes Received:
    11
    Best Answers:
    0
    Trophy Points:
    60
    #11
    funtoosh, Mar 17, 2007 IP