Joomla HACKED!

Hey,
I have site that is built using joomla . Later when I visited it, my site is down and not working. I look at the ftp for a problem, then all of sudden the configuration.php has been changed, and IT'S HACKED! Any how it is being hacked? Any idea how I can make the configuration.php secured?

 

Did you maybe overwrite the config by mistake? I know I've done that before and not realized it.

How did the config change?

I run several joomla sites and I haven't had an incident yet of being hacked *fingers crossed*

 

What were the permissions set to on your config file? Also, are you running other modules/apps that can have security holes? I've seen several things come over the wire lately on security issues with not only the app but some of the add ons.

You have to make sure you check Secunia and sign up for their mailings of security notices. http://secunia.com/

For example I search Joomla (http://secunia.com/search/?search=Joomla) and found 14 recent advisories.

Good luck and I hope this info helped.

 

Write-protect your Joomla configuration file (make unwriteable).

 

My site also got hacked - 3 times before i've protected the config file.
The hackers use the following technique:
1) somehow get read access to the config file which is by default under your website root folder
2) retrieve the database password
3) login to database and reset joomla admin login
4) login to your joomla website

From here all options are open for the hacker - now they can hack all the websites in your account.

The best way to block this is to protect the config file.
Just follow the instructions of this tutorial:
http://www.joomlaworld.org/joomla-security/move-the-configuration-files-outside-of-publichtml.html