Closed 7 years ago.
Ok, so one of my websites (on Joomla) is being hacked for like the 6th time...
I won't tell you any stories. Only facts:
Firstly, I found that some alien code had appeared in the template index file:
<div id='hideMe'> <p>Every person knows the large quan...|...ur cure Viagra <a href="xxxxx">Viagra</a> </div><script type='text/javascript'>if(document.getElementById('hideMe') != null){document.getElementById('hideMe').style.visibility = 'hidden';document.getElementById('hideMe').style.display = 'none';}</script>
Then I found in tmp folder a file named asd.php
with content:
http://www.codr.cc/bb027a
I tried to decode that and got something like:
http://www.codr.cc/97c183
How did this happen? How did the hacker get access to create a file? All folder perms were 755 and file perms were 644.
Joomla doesn't have any unsafe modules, components or templates.
Everything is up to date.
What else should I do to prevent future hacks?
It hasn't been hacked for the 6th time. You have been hacked by dozens of bots and your system is backdoored. You remove the infection and a bot will just restore it.
This happened because your software is out of date. It is likely that some plugin or even Joomla itself is very old.
How to prevent this? Well, you can look up system hardening guides, and there are a lot of them out there. Regardless, you need to start from scratch. Completely reinstall Joomla and all of its components, scorched earth style. Make sure everything is up to date on the new system.
If you are still having problems, hire a professional.
- Your website has very old extensions installed: This is the top and
most common reason behind a hacked Joomla website. You should always
keep your extensions up-to-date, and if you’re using an extension
that is no longer supported, then try to find an alternative. If
not, have a developer take a look at that extension to ensure it has
no vulnerability issues.
- You’re using an older version of Joomla: We know that it’s hard to
keep your Joomla website up-to-date with the latest version,
especially if you have a lot of extensions (components, modules,
plugins) that will be broken if you upgrade Joomla. But you must do
this, you can’t keep on using an outdated version forever.
- You have write permissions on your .htaccess file: By default, your
.htaccess file has write permissions on it because Joomla has to
update it, especially when you’re using SEF. The problem is that
this will leave your .htaccess vulnerable to attacks that aim at
changing it. You should always set your .htaccess permission to 444
(r--r--r--) or maybe 440 (r--r-----).
- You have write permissions on your *.php files: Neither the web
server nor the world should have write permissions on your Joomla
*.php files. You should ensure that the permissions of all your *.php are set to 444.
- Allowing users to upload scripts: For example, if a component
accepts images, you should ensure that only images are allowed to be
uploaded. Users should not be able to upload scripts (such as *.php
files)
- Giving execute permissions on public directories: In this context,
public directories mean those directories where users are able to
upload their files to. Imagine someone uploading a file to one of
your upload directories (in one way or another). If that file is a
script, and if that directory allows for scripts to run, then the
individual can easily run the malicious script. Public (upload)
directories should all be given a permission of 766 (owner can read,
write, and execute. The rest can only read and write).
- Using non-prominent extensions: You should always use extensions
that are used and tested by many people. Using an extension that is
used by very few people is not a good practice, and can get your
website hacked (attacker can use several techniques such as XSS, SQL
injection, etc…). In case you feel obliged to use such an extension,
have a developer review it for security.
- Giving credentials to untrusted developers: You shouldn’t give your
website credentials to untrusted developers. And, if you really have
to, then change all your passwords once the developer is done working.
- Giving all the possible permissions to the database user: Once your
Joomla website is setup, the database user should only INSERT rows,
UPDATE rows, DELETE rows, and CREATE tables. He should not DROP
tables or DROP the database. Ensure that only the necessary
permissions are given for the Joomla database user.
- Feeling confident that your website cannot get hacked or that no
one would hack your website: Regardless of whether you have a small
charity website or a huge school website, your website is
susceptible to hacking. Many hackers use software to scan the
Internet for websites with vulnerabilities and attack them, just
because they can! Always take your website’s security seriously,
don’t think that if you’re too small no one would consider hacking
your website, or that if you’re too big you are secure enough and
no one would be able to hack your website.
Check which one affects you and correct the mistakes you have made.
Update
Security Checklist/You have been hacked or defaced
Joomla Security
Vulnerable Extensions List
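
The checks discussed in this thread can be run over a site copy before and after a rebuild. The following is an added example, not code from the question or either answer: it flags scripts sitting in temp/upload directories (like the `asd.php` in `tmp`), `.htaccess` and `*.php` files that are not read-only (444, as the second answer recommends), and script-hidden blocks like the `hideMe` snippet. The directory names in `UPLOAD_DIRS` and the regex heuristic are assumptions.

```python
import os
import re
import stat

# Assumption: top-level directories that receive temporary or uploaded files.
UPLOAD_DIRS = {"tmp", "images", "cache"}
# Heuristic for the injected block in the question: a script that hides an
# element by id right after emitting it. Legitimate code can match too.
HIDDEN_SPAM = re.compile(
    r"getElementById\(['\"]\w+['\"]\)\.style\.(display|visibility)\s*=", re.I)
ANY_WRITE = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def audit(root):
    """Return sorted (relative_path, finding) pairs for the tree at root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        in_upload = rel_dir.split(os.sep)[0] in UPLOAD_DIRS
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.normpath(os.path.join(rel_dir, name))
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            is_php = name.lower().endswith((".php", ".phtml"))
            if is_php and in_upload:
                findings.append((rel, "script in upload/tmp directory"))
            if (is_php or name == ".htaccess") and mode & ANY_WRITE:
                findings.append((rel, "writable (mode %o, expected 444)" % mode))
            if is_php or name.lower().endswith((".html", ".htm")):
                try:
                    with open(path, "r", errors="replace") as fh:
                        text = fh.read()
                except OSError:
                    continue  # unreadable file: skip the content check
                if HIDDEN_SPAM.search(text):
                    findings.append((rel, "script-hidden block (possible SEO spam)"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for rel, finding in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}: {finding}")
```

Run it against a fresh install first to see which findings are baseline noise, then compare with the live site.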