I am Running 6 Joomla sites,and I have around 16 sites of My clients,One Sites has Been Hacked Todays,I have maintained all security measures on my all sites such as admin directory protection,flooding protection,Google crawler access management,ip filtering,which are suggested by joomla security strike team.All Extensions are Up to date,No problems on Tempelates and extensions,No problems on Data server,Database configuration But Hacked.....I am what can do Right Now,But i an backuping my site daily,If Not There Is???? cant Say. So maintaining all security measures site Can Be Hacked So backup Data daily Is Best For Joomla.I learned From Todays.......
Bad to hear that and your are right. Always Back Up. My provider gave me the following code to protect my server. Put in .htaccess: ####################################### Against hacks RewriteCond %{QUERY_STRING} (.*)=http(.*) RewriteCond %{QUERY_STRING} (.*)action=newfile(.*) [NC] RewriteCond %{QUERY_STRING} (.*)action=save(.*) [NC] RewriteRule ^(.*) - [F]
You probably have some vulnerable components that hackers exploit to upload malicious code on your server. A classic case is when a component allows uploading/creating new files and attacker uploads/creates a php file to remote control your site. If you have ssh access on vps/server or your admin could use these tools to scan: http://www.videochat-scripts.com/security-scans-for-server-and-vps/ Or you can tweak & use this simple script to look for hacker tool or phishing signatures (ie. shell, bank): http://ateom.com/malwarescanner/
regular backup is the best solutions for joomla also protect your administrator folder using .htaccess