I have a commercial online store website that works on Joomla content management system. Here it is: http://www.parfiums.com Well someone manages to hack the website somehow and to change only the front page of the website. This happens once in a while and I have to constantly change it back. Here is the version of Joomla that is used: /** @var string Product */ var $PRODUCT = 'Joomla!'; /** @var int Main Release Level */ var $RELEASE = '1.5'; /** @var string Development Status */ var $DEV_STATUS = 'Stable'; /** @var int Sub Release Level */ var $DEV_LEVEL = '15'; /** @var int build Number */ var $BUILD = ''; /** @var string Codename */ /** @var string Date */ var $RELDATE = '05-November-2009'; I am not sure what variables $DEV_LEVEL and $CODENAME represent, but i am not giving away $CODENAME, because it may be important. How can I stop any future hacking? What possible holes in the security there might be that may cause this?
The best thing you can do is upgrade to the latest version of Joomla which is 1.5.20 I believe. --Ganesh
Read the Joomla Security issues and Try to implement them. This will help you a lot a let us know that did it helped you to protect your website.
are you using plug-ins or modules? sometimes people are able to use them to hack into your joomla site just make sure that this plug-ins or modules don't have any holes in them, i know that there is a website out there where they tell you which components not to use because they have holes in their programming. just search google and i think you find it.
I had similar problem with 4 Joomla sites on same server. Searching through Google or Yahoo and clicking the result link will redirect your site to some other sites. 1st time it happened, upgrading them to latest version fixed the problem. Then happend again about two weeks later, and disabling .htaccess fixed it. Couple of weeks later, for the third time! I had to disable all three SEO options, clear the cache, and change all passwords. It's been 2 more weeks and haven't had problem yet.
I just heard of this problem though. There must be something we can do to prevent that from happening. I just starting to learn about Joomla and doesn't want to get screwed when it is time for me to use it.
Always update your Joomla and extensions, but you can also get a nice extension called OSC Security Suite. Will cost you a few quid, but will keep you secure, you will get email notifications if anyone trys touching your site.
Agreed, please use this : extensions.joomla.org/extensions/access-a-security/site-security/site-protection/13233 But before you use the above mentioned, please go through this : docs.joomla.org/Security_Checklist_7 After which please make use of this : docs.joomla.org/Vulnerable_Extensions_List Now utilize jHack, as mentioned above, in the end I will advise you not to use your browser(s) to store passwords. I have had similar issues, but the above cited remedies have worked for me till now, just my 2 cents.
Joomla is a very secure CMS... BUT add ons make it hackable. If its not a Server side hack, check your extentions for vulnerability.
Hi, yes with your hosting always check for updates, make sure error log is enabled, access logs and look at Joomla's main site for know issues. Also irc on freenode, #joomla is a great place for help too. Hope things work out for you take care
whoopsI forgot to mention that with plugins its good to get on their mail list for updates. same with joomla etc.
Or else you can make use of 'Version Verification Tool' and bring about a more centralized approach towards tracking different extensions updates. extensions.joomla.org/extensions/administration/admin-desk/12026
Are you using the default admin username - 'admin'? If so, I'd strongly recommend changing this as one of the most common hacks is password cracking for user 'admin' because the site creator has left the default user as super admin.
Basically there are two main reasons for getting hacked: 1. You are using older version of Joomla. If you do a little search, you'll see how to hack into older versions of Joomla. The best way to prevent this is to sign up for Joomla Security Newsletter, which will keep you updated about latest Joomla releases. Also, dont display powered by Joomla message on your website, as this may provoke the user to check your version number, and try some bad shit. 2. Using nulled scripts: Almost all of the premium templates and components are available if you know where to search for. The hackers who null those scripts add a loophole through which they can get into the system. I can give you a Joomla template, which if you'll install, will contain one more super admin, beside the default "admin" created by you. Before you'll know anything about this, I'll be off your website with all the information you have on it. So an advice, avoid any nulled scripts and templates at all cost.
You can use this tool --> hffp://www.opensource-excellence.com/index.php?page=shop.product_details&flypage=flypage_new.tpl&product_id=2&category_id=6&option=com_virtuemart&Itemid=14 Just replace the hffp: for http because I am not allowed to post links at this moment. I use in all my Joomla and Wordpress Websites, believe me you are going to Love it and you can use in as many websites as you want. It is not FREE thought. That link is not an affiliate just in case somebody wonders and I am not an employee from that company.