Security Tips To Stop Joomla Hackers In Their Tracks

Discussion in 'Joomla' started by Maestroc, May 5, 2013.

  1. #1
    I do a bit of business from time to time when clients call me to clean up broken or hacked Joomla web sites. While the paths the hackers took to get into the system were all different, they all boil down to a few basic things. From the moment you first set up your Joomla site, make sure you follow these tips. They won't stop all hacking attempts, but they will make it much less likely.

    1. Update your Joomla installation to the most current version immediately after you first install it.
      Many people install Joomla through Fantastico, Softaculous, or the Web Apps panel in their hosting's control panel. The problem is that if their hosting provider does not do a good job of keeping those installer scripts up to date you might be installing a version of Joomla that is very out of date. I've seen some recent posts on here of people installing Joomla 1.5 on their systems through their cPanel when 1.5 was discontinued over a year ago. Always update to the most recent version ASAP. If you don't know if you have the most recent go over to www.joomla.org and check to see what release they are currently on.
    2. Make sure your file permissions are set correctly.
      Pretty much all of the files in your Joomla installation should be set at 644 and the directories 755. One major exception is your configuration.php, which should be set to 444 (some people suggest 666 as well). This will require you to go in and change the permissions before you can edit it, but it also makes it harder for others to get at it as well.
    3. Change your database prefix!
      When you first set up Joomla, change the prefix from the old default jos_ to something else. If you already have the site set up and running, install the Akeeba Admin Tools extension and have it change the prefix on everything for you. Admin Tools has a lot of other great features to it (including changing file and directory permissions in bulk). Plus, it's free!
    4. Install a backup component and USE IT IMMEDIATELY!
      Go over to Akeeba again and grab the free version of Akeeba Backup or find another backup option that you prefer. As soon as your site is up and running back up the whole thing, save it off site by downloading the backup file or having the system email it to you. If you can, set up the backup system to do this automatically on a regular basis. That way if you do get hacked you will have a copy your system administrator can use to get you back up and running as quickly as possible without having to start over from scratch or pay your hosting company to do a restore from their server backups.
    5. Update your extensions whenever you update your Joomla system software.
      If you are using Joomla 2.5 or 3.0 then many of the extensions you are using may be available to be updated automatically through the extension update manager. If your extensions do not make use of this feature then make sure to update them manually on a regular basis.
    There are dozens of other security tips for safeguarding your Joomla install, including several Joomla security guides over at the Joomla.org site. There are also several more over at MarcoFolio's site as well. The first tip above is still the most important of all. UPDATE UPDATE UPDATE!
    If you are having any problems with your site or have questions about Joomla installations and Joomla security be sure to post here in the forum or feel free to drop me a PM and I'll try to help if I can.
    -MaestroC
     
    Maestroc, May 5, 2013 IP
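
    One way to check an existing installation against the modes and the prefix advice in post #1, added here as an example and not part of any poster's message. The function name `audit_joomla` and the output labels are made up for this example; `$dbprefix` is the setting name Joomla writes into configuration.php. Since the post says "pretty much all" files, treat the output as a list to review rather than a list of errors.

```shell
#!/bin/sh
# Added example: audit a Joomla tree against the advice in post #1.
# audit_joomla and its output labels are names made up for this example.

audit_joomla() {
    root=${1%/}                      # tolerate a trailing slash
    cfg=$root/configuration.php

    # Directories the post expects at 755.
    find "$root" -type d ! -perm 755 -print | sed 's/^/DIR    /'

    # Regular files the post expects at 644 (configuration.php is checked below).
    find "$root" -type f ! -perm 644 ! -path "$cfg" -print | sed 's/^/FILE   /'

    if [ -f "$cfg" ]; then
        # The post's value for configuration.php is 444 (read-only).
        if [ -z "$(find "$cfg" -perm 444)" ]; then
            printf 'CONF   %s\n' "$cfg"
        fi
        # Default table prefix still in use ($dbprefix is Joomla's setting name).
        if grep -Eq "dbprefix[[:space:]]*=[[:space:]]*['\"]jos_['\"]" "$cfg"; then
            printf 'PREFIX %s\n' "$cfg"
        fi
    fi
    return 0
}

# Run against a path given on the command line, e.g. ./audit.sh /var/www/site
if [ "$#" -gt 0 ]; then
    audit_joomla "$1"
fi
```

    No output means every directory is 755, every file is 644, configuration.php is 444 and the prefix is no longer jos_.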
  2. ijoome

    #2
    You forgot to include using security extensions such as OSE Anti-Hacker, RSFirewall, jHackGuard, Admin Tools, etc. Using these extensions will increase your site security.
    One thing is to change the /administrator path.
     
    ijoome, May 9, 2013 IP
  3. VideoWhisper.com

    #3
    In addition to suggestions above:
    - use complex passwords (include special characters and caps) to avoid brute force hacks
    - scan all computers you use to connect and store credentials with an antivirus so there are no trojans to get your passwords
    - scan your site using ClamAV from time to time (have your host install it if not available)
    - get rid of any plugins, scripts or other files you don't really use on the server
    - check scan/report sites and services, fix what they find and report the cleanup so your site doesn't get banned/blocked in search engines and browsers

    http://www.google.com/safebrowsing/diagnostic?site=google.com
    http://www.unmaskparasites.com/
    http://siteinspector.comodo.com/
     
    VideoWhisper.com, Jun 12, 2013 IP