bspacer1 bspacer2
webmail hosting forum clients about

Computer Co-op, CornerNET Internet Gateway, and PJR Solutions is owned by PJR Sales & Service. Quality products and online services since 1991. We can be your
Complete Computer Connection

Hosting @ $5.95

Domains @ $16.98
Home PagePortal HomeClient AreaAnnouncementsKnowledgebaseSupport TicketsDownloadsRegister

Knowledgebase
You are here: Portal Home > Knowledgebase > Web Site Down > I can not open my website > My Joomla has been hacked!

My Joomla has been hacked!

If you suspect that your Joomla has been hacked, the first thing to check are the raw weblogs. Try searching them for suspicious client requests such as:

192.168.0.1 - - [29/Oct/2008:06:07:30 -0500] "GET /index.php?live_site=domain.com/1.txt?? HTTP/1.1" 200 10864 "-" "Firefox"

Unfortunately, it is not always that easy to find traces of a web attack and to decode it. Such a task may require an advanced developer to devote quite a lot of time. That's why you should know the most common reasons for a Joomla to be compromised:

1. The core Joomla installation is outdated. Previous versions have serious security vulnerabilities which can be easily exploited.

You can check your Joomla version by logging in your admin panel. There your current Joomla version will be specified.


2. Additionally installed components / modules are outdated.

This is a very common but, unfortunately, neglected problem. It is essential to keep track of all extra components / modules and make sure they are up to date. Check the addon's homepage for information about recent security issues and upgrade instructions.


3. Common misconfigurations which are known to open security holes:

- register_globals turned on in PHP's configuration - if turned on this directive allows easy variable poisoning; make sure to turn it off;

- allow_url_include turned on in PHP's configuration - if turned on it allows remote code to be included in your scripts; make sure to turn it off;

- using the default table prefix _jos. This opens the door for all MySQL injections; make sure you change your table prefix to something harder to guess using this component;

- RG_EMULATION turned on in Joomla 1.0.* - this directive emulates register_globals locally, a dangerous option; if enabled, you will see a warning right after you log in to your Joomla admin panel; you can switch it off by adding somewhere in the middle of the configuration.php file:

if(!defined('RG_EMULATION')) { define( 'RG_EMULATION', 0 ); }




Further reading:
Basic web security guildelines for shared hosting



If your Joomla has been hacked, you may us for assistance.



Was this answer helpful?

Add to Favourites
Print this Article

Also Read
Site does not show, just files are listed (Views: 3024)
Common reasons for a site to be inaccessible (Views: 4482)
Site has problems after a recent change (Views: 1077)
I added directives to my .htaccess file and I receive 'Internal Server Error' (Views: 3323)
How to clear the cache in Firefox, Internet Explorer, Safari, Opera and Google Chrome (Views: 12663)

Powered by WHMCompleteSolution


Copyright © 1994-2021 PJR Sales and Service All Rights Reserved