Robot Portal

Easily manage all aspects of your account | Knowledgebase |

Knowledgebase

My Joomla has been hacked!

A Joomla is usually compromised when it or its components / modules are outdated. Another very common problem is when the register_globals emulation has been enabled.

In such cases we recommend the following steps:

1. Restore your Joomla from the latest backup available. 

2. Upgrade your Joomla and all of its components / modules to the latest version.

3. Disable RG_EMULATION for Joomla. When this option is enabled even the latest Joomla (currently 1.0.14 beta) is vulnerable to some variable injections. It can be disabled by placing the following line in your configuration.php:

if(!defined('RG_EMULATION')) { define( 'RG_EMULATION', 0 ); }

 

- Make sure all your applications are up-to-date. This includes any modules, components and addons you have added and / or integrated within the web applications;

- Pick up strong passwords for the main cPanel account, Mysql, Ftp and mail users. Never use the same passwords for different users. For example a Mysql user should not have the same password as your cPanel user or a ftp user. It is essential that your cPanel user's password is not found in any file on your account by any means;

- Avoid having directories with permissions above 755. If your applications require such directories, try to put them outside your webroot (public_html) or place a .htaccess file in them containing "deny from all" to restrict public access to these files.

- Run regularly antivirus software on your local computer(s) and use the secure connection when logging in cPanel (https://yourdomain.com:2083);

- Configure your site to use the latest PHP 5.2 by adding the following lines to your .htaccess file:

AddHandler application/x-httpd-php52 .php .php3 .php4 .php5 .phtml

PHP 5.2 has an improved handling of remote code which reduces greatly security problems.

- Tweak your local Php settings for better security. This can be done by disabling unnecessary functions and options. Here are some sample recommended directives:

allow_url_fopen=off
disable_functions = proc_open , popen, disk_free_space, set_time_limit, leak, tmpfile, exec, system, shell_exec, passthru

Note that the above directives can cripple your code's functionality. They have to be pasted in a php.ini file in each directory you'd like to have them applied.

- If you are not using Perl scripts, add a bogus handler for these files. In your home directory create a .htaccess file with the following content:

 

##Deny access to all CGI, Perl, Python and text files


Deny from all

##If you are using a robots.txt file, please remove the

# sign from the following 3 lines to allow access only to the robots.txt file:

#
#Allow from all
#


The above will prevent Perl scripts to be executed. Many exploits / backdoors are writtent in Perl and the above will prevent them from running. This directive will apply to all your subdirectories.

- Filter possible intrusions with Apache's Mod Security. Mod Security is an Application firewall integrated with Apache. Siteground's servers support version 1.9.x which is compatible with Apache 1.3.

It can be easily enabled by placing your rules in a .htaccess file. Here are some sample rules you can use.

IMPORTANT: Once your account has been compromised, it is very likely that the intruder will leave a backdoor to easily gain access later. That's why only fixing your vulnerable code might not be enough. Finding the backdoors will be time-consuming and expensive (requiring a professional developer). That's why you might prefer to start from scratch your site.

  • 111 Users Found This Useful

Was this answer helpful?

Related Articles

What happens to someone abusing system resources?

The offending site will be suspended and the owner will be given an opportunity to fix the...

How to submit a DMCA complaint?

Reporting copyright infringement? You must follow these steps before submitting any information...

SQL injection, insertion!

SQL injection is an attack where malicious code is passed to an SQL Server for execution. The...

My account was hacked!

If you are the victim of a hacker you can mail to our support department and our experts will...

How to handle the Google Attack Page?

When you see the dreaded Google attack site warning, you should immediately email : hostmaster...

Born in 2004 ... Trusted By Clients n' Experts

SEO Stars

They never made me feel silly for asking questions. Help me understand how to attract more people and improve my search engine ranking.

Read More

Emily Schneller Manager at Sabre Inc
SEO Stars

Took advantage of Hostseo's superb tech support and I must say, it is a very perfect one. It is very fast, servers reliability is incredible.

Read More

Leena Mäkinen Creative producer
SEO Stars

We're operating a worldwide network of servers with high quality standards requirements, we’ve choose hostseo to be our perfect partner.

Read More

Ziff Davis CEO at Mashable
SEO Stars

It’s very comfortable to know I can rely about all technical issues on Hostseo and mostly that my website and emails are safe and secured here.

Read More

Isaac H. Entrepreneur
SEO Stars

With hostseo as a hosting partner we are more flexible and save money due to the better packages with great pricing, free SEO n' free SSL too!

Read More

Madeline E. Internet Professional