Viewing 15 posts - 1 through 15 (of 40 total)
  • BigSky Friend
    #132246
    questbg Friend
    #265431

    Wow. That’s bad. Was this the old Joomla 1.5.x rather than the new security fix in 1.5.6?

    Sherlock Friend
    #265450

    Thanks
    We will fix it now

    njbarbour Friend
    #265455

    Hi,

    Is there a solution to your site being hacked?

    njb

    TomC Moderator
    #265472

    <em>@njbarbour 73672 wrote:</em><blockquote>Hi,

    Is there a solution to your site being hacked?

    njb</blockquote>

    It’s been fixed

    questbg Friend
    #265474

    Could you guys actually explain how this was ‘fixed’ please? I’m going live next week and I’m still on Joomla 1.5.3 … if there’s any protection for my site, then please share with me!

    njbarbour Friend
    #265475

    <em>@tcraw1010 73698 wrote:</em><blockquote>It’s been fixed</blockquote>
    Hi,

    I had the hosting company reset the site to the version before the time of the attack.
    Thing is, I do not now have admin control of the site in order to make my upgrade and fix it permanently.

    njb

    mj1256 Friend
    #265494

    I don’t think that security is really a template issue.

    Security lies with the server, the hosting company, and Joomla itself.

    And the first rule of the internet:
    There is no such thing as a totally secure site.

    As for restoring a site after being hacked:
    Make sure your hosting company knows you’ve been hacked.
    Delete your site and database completely.
    Reinstall from a backup (hopefully made prior to the hack) and change all of the old logins and passwords once the site is reinstalled.

    As for the hosting company and Joomla:
    Cheap hosting is just that, cheap. Don’t rely on a cheap host for anything, especially security.
    Find a hosting company that offers PHPsuexec. It’s recommended for Joomla hosting and will change your file ownerships, file permissions (777 not allowed), disable your php.ini, and make it more difficult for nefarious forces to inject and run programs on your website.
    More info is here:
    http://www.joomlatutorials.com/faq/view/joomla_security_tips/permissions_under_phpsuexec/60.html

    As for Joomla, always make sure you’re running the latest versions and install all the security options recommended on the Joomla website.

    Security is as much the user’s responsibility as it is the provider’s.

    As for the hosting company restoring the site, in my experience, their backups will not restore an operational Joomla site; paths will be broken. Best case is to have them reset up the server and then you install from your backup. Most hosts back up the server, not your website.

    I recommend JoomlaPack for Joomla. It’s free, it works, and it installs just like a JA quickstart package.

    Everyone should be backing up their websites every time they make a change and then storing the backup locally.

    TomC Moderator
    #265498

    <em>@mj1256 73721 wrote:</em><blockquote>
    Everyone should be backing up their websites every time they make a change and then storing the backup locally.</blockquote>
    Exactly what I do with each and every little change – edit / test first on my localhost server, then upload it to my web host.
    All the while having two identical copies of the files.

    Additionally, about once every month or so, I back the entire thing up onto a CD.

    njbarbour Friend
    #265499

    mj1256,

    Finally somebody is speaking plain and helpful English about this issue. I have gone round and round today trying to repair the sites. My hosting company did it in the end. I am not too experienced with Joomla! and the backup piece I know I am weak on; this causes me to rely more than I should on the hosting company. I don’t have a local host (only the real site) to test the patch on. It’s a fingers-crossed job later when I do the 1.5.3 to 1.5.6 upgrade.

    Thanks

    njb

    mj1256 Friend
    #265500

    I think HostGator offers PHPsuexec, and of course Rochen, the host for the Joomla website, offers it.

    njbarbour Friend
    #265502

    Tom,

    As I mentioned, I’m not the best expert on Joomla! or backing up for that matter. At the moment I’m in the process of backing up everything in my www directory via FTP.

    I will also back up my databases.

    Thanks for the comment.

    njb

    njbarbour Friend
    #265504

    mj1256

    Pardon my ignorance, but can you summarise what these packages will allow me to do?

    njb

    mj1256 Friend
    #265515

    JoomlaPack will let you back up your site so that if it breaks or gets hacked you can restore the site to your server or host. It works just like the JA quickstart package, except it will be your site. It installs as a component and is very intuitive.

    As for PHPsuexec, as I said, it is a security program that is recommended for use with Joomla. You cannot install this; it needs to be done by the host and works at the server level. So, try to find a host that has it (like RochenHost or HostGator), or, if your host does not have it on the server you are on, see if they have one they can move your site to.

    Now, how it works and what it does is explained in the link I gave. Basically, it changes file ownership to the user (admin), forbids the use of chmod 777, and makes it tough for nefarious hackers to do site injections of files and executable programs. It also disables the global php.ini, which has the PHP directives for your site.
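
An added example, not part of the thread or any poster's own code: a shell audit of a web root for the two conditions mj1256 describes under PHPsuexec, world-writable entries (such as 777) and files not owned by the account user. The function names and the path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit a Joomla web root for world-writable entries and
# for files not owned by the hosting account user. Names are hypothetical.

# List every regular file or directory that is world-writable (o+w).
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# List every entry whose owner is not the expected account user.
list_foreign_owner() {
    find "$1" ! -user "$2" -print
}

# Print a short report; return 0 when clean, 1 when anything was found.
audit_webroot() {
    root=$1
    owner=$2
    status=0
    ww=$(list_world_writable "$root")
    fo=$(list_foreign_owner "$root" "$owner")
    if [ -n "$ww" ]; then
        echo "World-writable (remove o+w):"
        echo "$ww" | sed 's/^/  /'
        status=1
    fi
    if [ -n "$fo" ]; then
        echo "Not owned by $owner:"
        echo "$fo" | sed 's/^/  /'
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK: no world-writable or foreign-owned entries under $root"
    fi
    return "$status"
}

# Run only when given two arguments, for example (constructed path):
#   sh audit.sh /home/example/public_html example
if [ "$#" -eq 2 ]; then
    audit_webroot "$1" "$2"
fi
```

Running it before and after a restore from backup shows whether the restored tree brought back any 777 directories or files owned by the web server user.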

    njbarbour Friend
    #265522

    Hi,

    Thanks again for your mail. You’re very knowledgeable on the whole topic. Your photograph is pretty good; it seems to depict a smart person answering the most basic of questions – kind of like the ones I’ve been asking.

    Anyway. I will take your advice and make these changes and if I have to I will move server or company to get the protection I need.

    Much appreciated.

    njb


This topic contains 40 replies, has 10 voices, and was last updated by  mj1256 16 years, 2 months ago.
