Joomla! Forum - community, help and support

Hi!
My homepage (floberghagen.com) has been "hacked" by NetDevil-for the old T!M35!...

I can not log on my admin, and dont know how to troubleshoot this...

Anybody out there that know how this can be fixed??

Probably/i hope it`s only the index-file he/she has taken.....?

Trond

Have you read this thread? This could be a good start.

Thanks! I didn`t do that, bur via my FTP i updated the index.php and mambo.php, and got my page back

How can i prevent this in the future?? I use version 4.5.2. How do the hackers realy replace å new index file on my server? Are there anything i can do the improve the security?

Trond

dr.t wrote: Are there anything i can do the improve the security?

Trond

Many things can be done to improve security.
Here is just a few things anyone can do, but security in general goes far beyond the scope of a simple forum post.
Basic things include, make sure you are patched to the highest current level of your software, *NIX or Windows
Backup to physical removeable media. Backup often
Only allow file and directory permissions as needed
Remove any and all unwary software & services from your server
Use a SPI firewall at the minimum, layer 7 firewall if possible

dr.t wrote: Thanks! I didn`t do that, bur via my FTP i updated the index.php and mambo.php, and got my page back

How can i prevent this in the future?? I use version 4.5.2. How do the hackers realy replace å new index file on my server? Are there anything i can do the improve the security?

Trond

upgrade to joomla! 1.09 !!!! you are a sitting duck like this

Hi:
You can add this roules in your .htaccess file

RewriteEngine ON
RewriteCond %{THE_REQUEST} cmd=cd [NC]
RewriteCond %{THE_REQUEST} perl
RewriteRule ^(.*)$ http://127.0.0.1/ [R=301,L]

Then go to your cpanel and set a Password Protect Directories in the files Administrator of your Mambo.
And for more security event the folder components/com_content.
The next time you will need access at the backend write the two password.
Good luck!

Does this .htaccess update work with the new 1.10 security release or is it unnecessary?
Seems like a safe thing to do but I don't want to create a conflict with other changes.

Thanks for your input.

Yes, the roules work with all version. And with others programs or files in your web.
You will be more safe.
Bye

digitaldentist wrote:

dr.t wrote: Are there anything i can do the improve the security?

Trond

Many things can be done to improve security.
Here is just a few things anyone can do, but security in general goes far beyond the scope of a simple forum post.
Basic things include, make sure you are patched to the highest current level of your software, *NIX or Windows
Backup to physical removeable media. Backup often
Only allow file and directory permissions as needed
Remove any and all unwary software & services from your server
Use a SPI firewall at the minimum, layer 7 firewall if possible

Just to pick on one point, what methods can one use to backup the website ? What files should one backup ? The whole site, or just particular files.

.

what methods can one use to backup the website ? What files should one backup ? The whole site, or just particular files.

General rule...
1 - Back up all files after each install of a component, module, template or bot! You do not need to backup regularly since these files don';t change regularly unless you install something.

2 - Back up your images folder after each site update or content post or once a week if you update often.

3 - If possible use a mirroring FTP tool to automatically keep a local copy of your site as changes are made!

4 - Set up a cron or use some backup utility to backup the database often! Once a day is the safest but once a week will do...

5 - If you have the space you might want to save all these backups on the server in a protected non-public area to save you transfer time should you need to restore a hacked site!


I don't suggest writing content in the Joomla Editor...Better to create it locally and then paste it into the J! editor...Just save those files for a week and you should be able to restore whatever you missed if something happens between backups!

Asphyx wrote:

what methods can one use to backup the website ? What files should one backup ? The whole site, or just particular files.

General rule...
2 - Back up your images folder after each site update or content post or once a week if you update often.

4 - Set up a cron or use some backup utility to backup the database often! Once a day is the safest but once a week will do...

Any suggestions on either rule 2 or rule 4?

Well if you don't know how to set up a cron don't try #4....Also if you rent a server you might not even have the ability to set up a cron...

As for #2 even a simple ftp mirrior utility could be used locally to syncronize with your images folders to make a backup whenever a filke is changed...

Asphyx wrote: Well if you don't know how to set up a cron don't try #4....Also if you rent a server you might not even have the ability to set up a cron...

As for #2 even a simple ftp mirrior utility could be used locally to syncronize with your images folders to make a backup whenever a filke is changed...

4 - I am not overly familiar with it but I lease a server and do have shell access and the ability to set up cron jobs. I think what I, as well as others may be looking for is an example script that will show us the best way to backup the necessary files...

2 - I use the backup built into WHM.. incremental FTP backup.. not a mirror as it only runs once a day.. does the mirror run anytime there is a change? Which utility do you use?

4 - I am not overly familiar with it but I lease a server and do have shell access and the ability to set up cron jobs. I think what I, as well as others may be looking for is an example script that will show us the best way to backup the necessary files...

Here is a good link to making a cron script and using crontab...
http://www.scrounge.org/linux/cron.html

an example would be:
10 0 * * 6 cp /path/to/webroot/* /path/to/backup/files

Will copy all files from webroot top your backup folder on saturday 12:10 am


the command your going to run is a simply copy from one folder to the other. use whatever command your OS uses to copy files from one place to another. Make sure the backups are being copied to a non public folder unreachable by the webserver (above public_html) but available by FTP.

2 - I use the backup built into WHM.. incremental FTP backup.. not a mirror as it only runs once a day.. does the mirror run anytime there is a change? Which utility do you use?

I personally use Dreamweaver to sync my local files to the server. But if you run windows locally look for FTPSync as an option. http://www.fileware.com/products.htm

Dreamweaver will automatically sync the local and remote files and if something has changed will even alert me that a change outside of dreamweaver has been made!

Remember you really only need to sync and regularly backup the images folder as that changes as content is added...