Hacked by "Net Devil"..needs HELP!

Discussion regarding Joomla! security issues.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
dr.t
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Sat Jun 24, 2006 9:03 am

Hacked by "Net Devil"..needs HELP!

Post by dr.t » Sat Jun 24, 2006 9:16 am

Hi!
My homepage (floberghagen.com) has been "hacked" by NetDevil-for the old T!M35!... >:(

I can not log on my admin, and dont know how to troubleshoot this... :(

Anybody out there that know how this can be fixed??

Probably/i hope it`s only the index-file he/she has taken.....?

Trond

User avatar
Tonie
Joomla! Master
Joomla! Master
Posts: 16553
Joined: Thu Aug 18, 2005 7:13 am

Re: Hacked by "Net Devil"..needs HELP!

Post by Tonie » Sat Jun 24, 2006 9:22 am

Have you read this thread? This could be a good start.

dr.t
Joomla! Fledgling
Joomla! Fledgling
Posts: 2
Joined: Sat Jun 24, 2006 9:03 am

Re: Hacked by "Net Devil"..needs HELP!

Post by dr.t » Sat Jun 24, 2006 1:18 pm

Thanks! I didn`t do that, bur via my FTP i updated the index.php and mambo.php, and got my page back :)

How can i prevent this in the future?? I use version 4.5.2. How do the hackers realy replace å new index file on my server? Are there anything i can do the improve the security?

Trond

digitaldentist

Re: Hacked by "Net Devil"..needs HELP!

Post by digitaldentist » Sat Jun 24, 2006 2:02 pm

dr.t wrote: Are there anything i can do the improve the security?

Trond
Many things can be done to improve security.
Here is just a few things anyone can do, but security in general goes far beyond the scope of a simple forum post.
Basic things include, make sure you are patched to the highest current level of your software, *NIX or Windows
Backup to physical removeable media. Backup often
Only allow file and directory permissions as needed
Remove any and all unwary software & services from your server
Use a SPI firewall at the minimum, layer 7 firewall if possible

mad_gertje
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 141
Joined: Wed Sep 07, 2005 5:18 pm
Location: The Netherlands
Contact:

Re: Hacked by "Net Devil"..needs HELP!

Post by mad_gertje » Sat Jun 24, 2006 2:56 pm

dr.t wrote: Thanks! I didn`t do that, bur via my FTP i updated the index.php and mambo.php, and got my page back :)

How can i prevent this in the future?? I use version 4.5.2. How do the hackers realy replace å new index file on my server? Are there anything i can do the improve the security?

Trond
upgrade to joomla! 1.09 !!!! you are a sitting duck like this ;)
Signature rules: http://forum.joomla.org/index.php/topic,65.0.html
Only exact url's allowed

User avatar
grace
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 113
Joined: Wed Sep 14, 2005 5:59 am
Contact:

Re: Hacked by "Net Devil"..needs HELP!

Post by grace » Sun Jun 25, 2006 7:34 am

Hi:
You can add this roules in your .htaccess file

RewriteEngine ON
RewriteCond %{THE_REQUEST} cmd=cd [NC]
RewriteCond %{THE_REQUEST} perl
RewriteRule ^(.*)$ http://127.0.0.1/ [R=301,L]

Then go to your cpanel and set a Password Protect Directories in the files Administrator of your Mambo.
And for more security event the folder components/com_content.
The next time you will need access at the backend write the two password.
Good luck!

emagin
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 136
Joined: Sun Sep 11, 2005 7:46 pm
Location: san francisco, ca usa

Re: Hacked by "Net Devil"..needs HELP!

Post by emagin » Mon Jun 26, 2006 6:21 pm

Does this .htaccess update work with the new 1.10 security release or is it unnecessary?
Seems like a safe thing to do but I don't want to create a conflict with other changes.

Thanks for your input.

User avatar
grace
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 113
Joined: Wed Sep 14, 2005 5:59 am
Contact:

Re: Hacked by "Net Devil"..needs HELP!

Post by grace » Mon Jun 26, 2006 10:10 pm

Yes, the roules work with all version. And with others programs or files in your web.
You will be more safe.
Bye

Shaolin
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 113
Joined: Thu Jun 01, 2006 11:23 pm

Re: Hacked by "Net Devil"..needs HELP!

Post by Shaolin » Tue Jun 27, 2006 12:34 pm

digitaldentist wrote:
dr.t wrote: Are there anything i can do the improve the security?

Trond
Many things can be done to improve security.
Here is just a few things anyone can do, but security in general goes far beyond the scope of a simple forum post.
Basic things include, make sure you are patched to the highest current level of your software, *NIX or Windows
Backup to physical removeable media. Backup often
Only allow file and directory permissions as needed
Remove any and all unwary software & services from your server
Use a SPI firewall at the minimum, layer 7 firewall if possible

Just to pick on one point, what methods can one use to backup the website ? What files should one backup ? The whole site, or just particular files.

.

Asphyx
Joomla! Hero
Joomla! Hero
Posts: 2454
Joined: Sun Aug 28, 2005 5:03 pm

Re: Hacked by "Net Devil"..needs HELP!

Post by Asphyx » Tue Jun 27, 2006 1:24 pm

what methods can one use to backup the website ? What files should one backup ? The whole site, or just particular files.
General rule...
1 - Back up all files after each install of a component, module, template or bot! You do not need to backup regularly since these files don';t change regularly unless you install something.

2 - Back up your images folder after each site update or content post or once a week if you update often.

3 - If possible use a mirroring FTP tool to automatically keep a local copy of your site as changes are made!

4 - Set up a cron or use some backup utility to backup the database often! Once a day is the safest but once a week will do...

5 - If you have the space you might want to save all these backups on the server in a protected non-public area to save you transfer time should you need to restore a hacked site!


I don't suggest writing content in the Joomla Editor...Better to create it locally and then paste it into the J! editor...Just save those files for a week and you should be able to restore whatever you missed if something happens between backups!

User avatar
crash777
Joomla! Explorer
Joomla! Explorer
Posts: 334
Joined: Sat Sep 03, 2005 1:56 am
Location: Upstate New York

Re: Hacked by "Net Devil"..needs HELP!

Post by crash777 » Tue Jul 25, 2006 11:06 am

Asphyx wrote:
what methods can one use to backup the website ? What files should one backup ? The whole site, or just particular files.
General rule...
2 - Back up your images folder after each site update or content post or once a week if you update often.

4 - Set up a cron or use some backup utility to backup the database often! Once a day is the safest but once a week will do...
Any suggestions on either rule 2 or rule 4?
Thanks!
Aaron

Asphyx
Joomla! Hero
Joomla! Hero
Posts: 2454
Joined: Sun Aug 28, 2005 5:03 pm

Re: Hacked by "Net Devil"..needs HELP!

Post by Asphyx » Wed Jul 26, 2006 12:36 am

Well if you don't know how to set up a cron don't try #4....Also if you rent a server you might not even have the ability to set up a cron...

As for #2 even a simple ftp mirrior utility could be used locally to syncronize with your images folders to make a backup whenever a filke is changed...

User avatar
crash777
Joomla! Explorer
Joomla! Explorer
Posts: 334
Joined: Sat Sep 03, 2005 1:56 am
Location: Upstate New York

Re: Hacked by "Net Devil"..needs HELP!

Post by crash777 » Wed Jul 26, 2006 10:31 am

Asphyx wrote: Well if you don't know how to set up a cron don't try #4....Also if you rent a server you might not even have the ability to set up a cron...

As for #2 even a simple ftp mirrior utility could be used locally to syncronize with your images folders to make a backup whenever a filke is changed...
4 - I am not overly familiar with it but I lease a server and do have shell access and the ability to set up cron jobs. I think what I, as well as others may be looking for is an example script that will show us the best way to backup the necessary files...

2 - I use the backup built into WHM.. incremental FTP backup.. not a mirror as it only runs once a day.. does the mirror run anytime there is a change? Which utility do you use?
Thanks!
Aaron

Asphyx
Joomla! Hero
Joomla! Hero
Posts: 2454
Joined: Sun Aug 28, 2005 5:03 pm

Re: Hacked by "Net Devil"..needs HELP!

Post by Asphyx » Wed Jul 26, 2006 2:51 pm

4 - I am not overly familiar with it but I lease a server and do have shell access and the ability to set up cron jobs. I think what I, as well as others may be looking for is an example script that will show us the best way to backup the necessary files...
Here is a good link to making a cron script and using crontab...
http://www.scrounge.org/linux/cron.html

an example would be:
10 0 * * 6 cp /path/to/webroot/* /path/to/backup/files

Will copy all files from webroot top your backup folder on saturday 12:10 am


the command your going to run is a simply copy from one folder to the other. use whatever command your OS uses to copy files from one place to another. Make sure the backups are being copied to a non public folder unreachable by the webserver (above public_html) but available by FTP.
2 - I use the backup built into WHM.. incremental FTP backup.. not a mirror as it only runs once a day.. does the mirror run anytime there is a change? Which utility do you use?
I personally use Dreamweaver to sync my local files to the server. But if you run windows locally look for FTPSync as an option. http://www.fileware.com/products.htm

Dreamweaver will automatically sync the local and remote files and if something has changed will even alert me that a change outside of dreamweaver has been made!

Remember you really only need to sync and regularly backup the images folder as that changes as content is added...


Locked

Return to “Security - 1.0.x”