My Joomla Site is Hacked

Posted by: admin in Ulti JoomlaSecurityJoomla 1.5hack on  

I had a great weekend. On saturday evening my favorite football team lost bigtime. After that, I had a few to many beers, so I planned to have a lazy sunday...until I checked my email sunday morning. A kind user of Ulti Joomla warned me that the site was hacked. There are more pleasant things to read on a sunday morning. I was immediately fully awake and checked the site. I was lucky, because there was only minor damage. There was a new article created, titled 'HACKED BY...' and I couldn't login any more on the backend site. The damage could be worse, but this doesn't make the hacker a nice guy. I concider hackers as the vandals of the internet, so even if a vandal could have done more damage, he's still a vandal. I really don't understand why they do this. When I think of a hacker, I think about a kid with no real life friends who tries to piss off as many people as possible to get some attention.

 

How was the site hacked?

It seems there was a security vulnerability in Joomla 1.5.x, which allowed a hacker to change the 'admin' password. This gave the hacker full control of the site, so in fact I was quit lucky that 'my' hacker didn't do to much damage. It seems last few days hundreds of sites (or maybe even thousands) have been hacked. A lot of them probably have a lot more damage then I have. The Joomla community acted quit fast. Just a few hours after this was discovered, there was already a security release. But for sure there are a lot of website owners who are still not aware of this security vulnerability and they still have the risk of being hacked. So if you're not hacked yet, don't wait to act until it's to late.

 

What you should do if you have been hacked or to prevent from being hacked?

Simply update to the latest Joomla version. That will fix the security vulnerability. If the admin password was changed and you can't login anymore to your own website, then check out how to recover the administrator password.

 

Are there other precautions?

Now you may be protected from this security risk, but there is no guarantee that there aren't any other security vulnarabilities in Joomla 1.5.x that haven't been discovered yet. There are two more things you can do to protect your site. First of all, you should change the Super Administrator to a different user name then the default 'admin'. Then the hacker will have to guess the login before he can change it's password. Second thing to do is to subscribe to the Joomla! Security Announcement Forum. This way you'll know about new security problems fast and you'll probably be able to take counter measures before a hacker can attack your site.

Trackback(0)
Comments (2)Add Comment
...

written by kaushalya, April 24, 2010
Thanks, Relay help full
...

written by mapuka, September 14, 2010
Thanks a million..., great forum, great help. Oh my God, how my head has been hurting !smilies/smiley.gifsmilies/wink.gifsmilies/cheesy.gifsmilies/shocked.gifsmilies/cool.gif

Write comment

security code
Write the displayed characters


busy