The Joomla! Forum ™



Posted: Sun Nov 25, 2012 12:29 pm
Joomla! Apprentice

Joined: Sun Nov 04, 2012 3:21 pm
Posts: 34
Unfortunately, I have discovered that the official Hungarian Joomla website has been hacked (http://www.joomla. org.hu/). It had been offline for a few weeks, a message said that they were updating the site, and yesterday I saw that it had been hacked. Since then, I'm a bit worried about my Joomla site's security too (using the latest version, 3.0.2).
So I have searched around, read the security checklist, and all related docs. I have also installed the Admin Tools free component. With this component I have set a password to protect "administrator" (well, you can also do that in cPanel), and set up a unique super admin id. What other steps should I take (or components should I install) to make sure my site can't be easily hacked?
Also, I see that if you try to access http://www.joomla.org/administrator, it redirects you to the main page. How is that possible? Is it a safer method than protecting it with a password?


Last edited by mandville on Sun Nov 25, 2012 4:52 pm, edited 1 time in total.
broke link


Posted: Tue Nov 27, 2012 11:45 am
Joomla! Enthusiast

Joined: Mon Jan 11, 2010 9:23 am
Posts: 187
Location: Cibeureum Cibatok 2 Cibungbulang
N4ndee wrote:
Unfortunately, I have discovered that the official Hungarian Joomla website has been hacked (http://www.joomla. org.hu/). It had been offline for a few weeks, a message said that they were updating the site, and yesterday I saw that it had been hacked. Since then, I'm a bit worried about my Joomla site's security too (using the latest version, 3.0.2).
So I have searched around, read the security checklist, and all related docs. I have also installed the Admin Tools free component. With this component I have set a password to protect "administrator" (well, you can also do that in cPanel), and set up a unique super admin id. What other steps should I take (or components should I install) to make sure my site can't be easily hacked?
Also, I see that if you try to access http://www.joomla.org/administrator, it redirects you to the main page. How is that possible? Is it a safer method than protecting it with a password?


Have you tried Jsecure? If you're broke, you can still use Admin Exile.

Oh, BTW, it's impossible to make our site 100% hack-free. So just take it easy and have good preparation. :pop

_________________
Hopefully this is useful
http://enigmawebinc.com >> Professional Joomla Web Services


Posted: Tue Nov 27, 2012 3:40 pm
Joomla! Apprentice

Joined: Sun Nov 04, 2012 3:21 pm
Posts: 34
Thank you for your reply. I know it's impossible, I'm just trying to make my site a bit harder to hack. I'm going to check them out.


Posted: Thu Nov 29, 2012 10:03 am
Joomla! Apprentice

Joined: Sat Sep 01, 2012 7:02 pm
Posts: 27
Also ensure you are with a web host that can offer secure hosting. Symlinking or weak FTP passwords on any account on some servers can compromise a whole server.

_________________
Web Hosting And Domains Provider In South Africa
http://www.hostking.co.za
http://www.hostking.co.za/web-hosting


Posted: Tue Dec 04, 2012 2:17 pm
Joomla! Guru

Joined: Thu Jul 06, 2006 12:57 pm
Posts: 710
Location: Stockholm Sweden
Also put in a secure htaccess master file like this one from Nicholas https://akeeba.assembla.com/code/master ... access.txt

If you get that to work after some tweaking, it's more secure.

_________________
Success in the long run: it's not about the code, it's about the people and community that make it!
It's not what you say, it's what you do that matters!

Darb - aka ssnobben


Posted: Tue Dec 04, 2012 5:07 pm
Joomla! Hero

Joined: Sat Oct 21, 2006 10:20 pm
Posts: 2727
Location: Wisconsin USA
Warning
The use of custom htaccess files such as the one in the Joomla documentation site:
http://docs.joomla.org/Htaccess_examples_%28security%29

and the one here
https://akeeba.assembla.com/code/master ... access.txt

is at the user's own risk. These htaccess files are NOT plug and play and will cause your site to cease working until properly configured. The files also contain code that may be enabled by default that is not relevant for every site and will cause issues. If a site already contains an htaccess file, then replacing that file with a 'master' file may cause the site to stop working or stop working properly. Examples would be an existing htaccess that includes code to enable PHP 5.3, which Joomla 3.0.xx requires, or a site with a permanent redirect in the htaccess file.

For most websites and purposes, the default included Joomla htaccess file is more than sufficient. The Joomla htaccess file is not enabled by default, as some sites already have a default htaccess file with specific commands set by their host or by the site developer. To enable the Joomla htaccess file, rename the file htaccess.txt to .htaccess. The file generally does not require any configuration. If there is an existing .htaccess file, then add the Joomla code to the existing file or, if unsure, ask us to help.

_________________
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator


Posted: Sun Dec 23, 2012 1:07 pm
Joomla! Fledgling

Joined: Sun Dec 23, 2012 12:53 pm
Posts: 1
I highly recommend the Incapsula plugin for security issues, as it provides you really good protection from hacking and also makes the site fast. I use it for my clients and it works like a charm.
Free download from the JED. Good luck.

http://extensions.joomla.org/extensions ... tion/22609


Posted: Mon Mar 04, 2013 1:18 pm
Joomla! Master

Joined: Mon Aug 29, 2005 10:17 am
Posts: 13796
Location: Netherlands/ UK/ S'pore/Jakarta/ North America
N4ndee wrote:
Also, I see that if you try to access http://www.joomla.org/administrator, it redirects you to the main page. How is that possible?
Done with a directive in the htaccess file.

Leo 8)

_________________
-- Joomla Professional Support Services : http://gws-desk.com --
-- Good & Cheap Joomla Sites Ready To Roll : http://gws-deals.today --
-- Joomla Specialized Hosting Solutions : www.gws-host.com --
-- Member Joomla Bug Squad --


Posted: Fri Apr 19, 2013 5:20 am
I've been banned!

Joined: Thu Feb 21, 2013 6:37 am
Posts: 12
Location: USA
Step 1. Install the component and go to Components > DB Admin.

Step 2. Using the intuitive interface, change the default "jos_" prefix of your Joomla 1.5 tables to a different value.

Step 3. Modify the configuration.php file in your main Joomla folder. In it locate the following line:

var $dbprefix = 'jos_';

You will have to edit it to correspond to the new table prefix you have set. For example, if you have changed the table prefix to "smth_" the line in the configuration.php file should look like this:

var $dbprefix = 'smth_';

The default table prefix of your Joomla database is now changed. This should block the majority of attacks against your database.


Posted: Sat Apr 20, 2013 8:46 pm
Joomla! Hero

Joined: Sat Oct 21, 2006 10:20 pm
Posts: 2727
Location: Wisconsin USA
Joomla 3.0+ randomizes the database prefix automatically upon site creation and no longer uses a default jos_ prefix. It is no longer necessary to manually change the prefix.

As Leo said, it is easy, by using a directive in the site htaccess file, to redirect all but specific IP addresses to the home page when access to the admin URL is attempted.

_________________
PhilD -- Unrequested PM's and/or emails may not get a response.
Security Moderator
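
Added example (not part of the original thread, and not joomla.org's actual configuration): one way to write the htaccess directive described in the two replies above, redirecting every client except an allowlist away from /administrator. It assumes Joomla is installed at the web root and that mod_rewrite is available; the IP addresses are constructed placeholders from documentation-only ranges.

```apache
# Added example. Assumptions: Joomla at the web root, mod_rewrite loaded,
# and 203.0.113.10 / 198.51.100.x standing in for the administrators'
# real addresses (both are documentation-only ranges).
#
# Merge this into the existing .htaccess ABOVE Joomla's own SEF rewrite
# section, so it is evaluated before requests are routed to index.php.
# Do not replace the existing file with it.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Match the back end only: /administrator and everything beneath it.
    RewriteCond %{REQUEST_URI} ^/administrator(/|$) [NC]

    # Conditions are ANDed: the rule fires only if the client address
    # matches none of the allowlisted patterns below.
    RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$
    RewriteCond %{REMOTE_ADDR} !^198\.51\.100\.

    # Send everyone else to the home page. 302 rather than 301, so that
    # browsers do not cache the redirect after an address is allowlisted.
    RewriteRule ^ / [R=302,L]
</IfModule>

# Caveat 1: the IfModule wrapper fails open. If mod_rewrite is not loaded,
# the block is skipped silently and /administrator is reachable by anyone.
# Verify from a non-allowlisted address after deploying.
#
# Caveat 2: behind a reverse proxy or CDN, REMOTE_ADDR is the proxy's
# address, so every visitor looks the same. Restore the real client
# address first (for example with mod_remoteip on Apache 2.4) or apply
# the allowlist at the proxy instead.
```

The redirect only decides who can reach the login page; it can be combined with the directory password already set on "administrator" rather than used in place of it.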

