Joomla based site hacked by Turkish hacker

[Blogmaster]

This is my latest site http://www.propertyhogs.com/ and it's just been hacked. Do you believe that Jommla has some serious security issues?

[sarahk]

Joomla have just released a new version... had you upgraded?

you should only need to replace the index page -- although you may find it's the index page of your template, not the main site index
they don't normally do much else

[Blogmaster]

No, but I'm doing it now. So you think that he got access thru Joomla, right?

[fsmedia]

Quote:

Originally Posted by Blogmaster

This is my latest site http://www.propertyhogs.com/ and it's just been hacked. Do you believe that Jommla has some serious security issues?

it's probably the case you left a file with the wrong permissions.

it could happen to ANY cms out there.

[sarahk]

Quote:

Originally Posted by Blogmaster

No, but I'm doing it now. So you think that he got access thru Joomla, right?

No, but he was probably targetting Joomla because there will be a file commonly left with the wrong permissions

[Blogmaster]

My server guy just told me it was the latest and most secure version of Joomla. This is really changing my mind about Joomla. Has anyone else you know with a Joomla based site been hacked?

[sarahk]

Mike - they may have got in through any number of means. Could be an insecure password which you've used somewhere else and he hacked that site but it's most likely through a config file with 777 perms.

Suck it up, change that index file, check your perms and move on.

The benefits of Joomla outweigh the minor inconvenience.

Oh and get sqlyog and automate your database backups

[wendallb]

Yes , I had a joomla site hacked by someone saying they were Turks,

It was my fault as I had the wrong permissions on a file. The permissions issue is now fixed.

[Blogmaster]

Quote:

Originally Posted by sarahk

Mike - they may have got in through any number of means. Could be an insecure password which you've used somewhere else and he hacked that site but it's most likely through a config file with 777 perms.

I hope so, I'm glad he didn't get to any important parts of the site. For now I have added the old homepage.

[bading]

Same thing happened to my Joomla based site, www.bading.com. Few days ago, I was hacked with this Turkish Hacker, At first, he modified the Index.php of the Joomla based, not the template index.php, then after I fixed it, he went back again and modified the configuration.php. I sent email to Godaddy (my Hosting Server), and they found out that the vulnerable files from my site are came from one of the Joomla Module and not from the Joomla Installed. This Module is the Expose Module (Normally use for Gallery) that you can download for free. After I uninstalled the Module, everything was fixed including the spams on my other modules.

I suggest, please be careful downloading these free modules, there are so many holes on it and some of it was created by the hackers as well.

[Blogmaster]

Has Joomla ever commented on these issues?

[bading]

Warning: Installing 3rd party extensions may compromise your server's security. Upgrading your Joomla! installation will not update your 3rd party extensions.
For more information on keeping your site secure, please see the Joomla! Security Forum.

That's the only warning.

[jamestcs]

my site was also hacked by Turkish last month... may be the same person are doing it.

[Dubz]

A friends JOomla site got hacked same group. The basic install of joomla is filled with holes.

If you aren't willing to figure it all out / technically capable hire someone or forget it .

A friend of mine does it and it takes a while lots of patches and what not.

[trichnosis]

i dont think joomla sites has big security holes.

in my experience , hosting servers are having holes which is being a reason for hacking

[deebee]

Quote:

Originally Posted by Blogmaster

No, but I'm doing it now. So you think that he got access thru Joomla, right?

Hi Mike,

I had one site hacked and another about to be hacked by the Turk - here's the lowdown.

The access point was through the cache directory which I stupidly left on 777 (full read/write). It should be 755. Check this dir for files called good.php or ozey.php. If you find either, delete the files and set the dir permission level to 755.

Next step is to chmod all dirs to 755. This will stop you from installing mods/components/templates so if you need to do any installs, temp mod back to 777, do the installs, then mod back to 777 afterwards.

[Imran]

I know this is a bump, but today my site was hacked as well grrr, index.php file was replaced, I had lots of lots of bad permissions direct 777, now I have set permissions to what they should be dirs 655 and files 644.
Hopefully his will not happen again.

[deebee]

You'll find that if you install via Fantastico, it leaves lots of dirs open.

Another tip is to install sh404SEF - that way, it makes Joomla sites less easy to find.

[Divisive Cottonwood]

for security the core of joomla is fine, it's when people use extensions that the problems arise.

[Imran]

what does sh404SE does? there is already 404 page available in joomla? to handle such errors?