Australian Joomla User Groups - Joomla.org.au

Monday, May 21st

Last update05:36:30 AM GMT

About Guides FAQs

Font Size

Screen

Profile

Layout

Menu Style

Apply Reset  
Cpanel
Welcome, Guest
Username Password: Remember me
Forgot your password? Forgot your username? Create an account
JoomlaOz
JoomlaOz
JoomlaOz Discussion

Help with website Hack
(1 viewing) (1) Guest
Reply Topic
New Topic
  • Page:
  • 1

TOPIC: Help with website Hack

Help with website Hack 4 years, 1 month ago #279

  • reditech
  • OFFLINE
  • Fresh Boarder
  • Posts: 4
  • Karma: 0
Hi there

One of my joomla sites has been recently hacked. I fixed it originally but now it has been hacked again by a different hacker. I have logged in to phpmyadmin and all the database is still there. It appears they have changed the main template as well as the admin template but am wondering if someone can give some ideas of where to look to begin troubleshooting. The site itself is www.rle.org.au

Thanks in advance.
Reply Quote

Re:Help with website Hack 4 years, 1 month ago #281

  • Partic
  • NOW ONLINE
  • Moderator
  • Posts: 340
  • Karma: 21
Reditech,

Hackers normally take out several key files in order to disrupt the site, and in my experience, usually don't get into the database (unless particularly determined - touch wood, I've not had that happen yet.).

The main exploited hole they find is when your file permissions are set to 777 - which gives public write access.

Easiest way to fix it is to reupload any files you know have been changed - usually the fastest way a Joomla site comes down is if they change the root index.php file, rather than other files in the site - so it might not be the template that's been modified, just the index.php page. Trying www.rle.org.au/index.php showed that page was missing, so that's a starting point.

Essential reading on Security: forum.joomla.org/viewtopic.php?t=102558

Patrick
Patrick Jackson
www.kpsystems.com.au
Ask Anything Joomla and I'll helpfully tell you where to go
Reply Quote

Re:Help with website Hack 4 years, 1 month ago #286

  • simon
  • OFFLINE
  • Fresh Boarder
  • Posts: 4
  • Karma: 0
Hi there

I have just had a site brought down recently for the second time...

The steps I have taken were...
- firstly replace the index file... and check the "config" file also

then... and I do suggest you do this... go to your hosts CPanel and look closely at the "Server log" This can tell you several things that are to your advantage... Usually overtime a hacked will return... and you should be able to detect which files are his entry and exit points... and also those pages he is using. (I found he had hacked the "wrapper" element and was using it as an entry to another site - to cut a long story short)

The server log should also give you hints as to their IP... so ban that IP in CPanel.
Also password protect the Admin folder... unfortunate... though makes a doublly secure entry... your admins will need to log in twice... though is better than allowing access to others

My two bobs worth

Best of luck... Simon
Reply Quote
Reply Topic
New Topic
  • Page:
  • 1
JoomlaOz
JoomlaOz
JoomlaOz Discussion
Powered by Kunena
Time to create page: 0.37 seconds
You are here: Forum

Australian Joomla User Groups : Sydney Joomla User Group : Melbourne Joomla User Group : Adelaide Joomla User Group : Canberra Joomla User Group : Brisbane Joomla User Group : Byron Bay Joomla User Group : Perth Joomla User Group : Toowoomba Joomla User Group