Hacked by "Net Devil"..needs HELP!

dr.t
Joomla! Fledgling
Posts: 2
Joined: Sat Jun 24, 2006 9:03 am

Hacked by "Net Devil"..needs HELP!

Postby dr.t » Sat Jun 24, 2006 9:16 am

Hi!
My homepage (floberghagen.com) has been "hacked" by NetDevil-for the old T!M35!... >:(

I can not log on to my admin, and don't know how to troubleshoot this... :(

Anybody out there that knows how this can be fixed??

Probably/I hope it's only the index file he/she has taken.....?

Trond

Tonie
Joomla! Master
Posts: 16584
Joined: Thu Aug 18, 2005 7:13 am

Re: Hacked by "Net Devil"..needs HELP!

Postby Tonie » Sat Jun 24, 2006 9:22 am

Have you read this thread? This could be a good start.

dr.t
Joomla! Fledgling
Posts: 2
Joined: Sat Jun 24, 2006 9:03 am

Re: Hacked by "Net Devil"..needs HELP!

Postby dr.t » Sat Jun 24, 2006 1:18 pm

Thanks! I didn't do that, but via my FTP I updated the index.php and mambo.php, and got my page back :)

How can I prevent this in the future?? I use version 4.5.2. How do the hackers really replace a new index file on my server? Is there anything I can do to improve the security?

Trond

digitaldentist

Re: Hacked by "Net Devil"..needs HELP!

Postby digitaldentist » Sat Jun 24, 2006 2:02 pm

dr.t wrote: Is there anything I can do to improve the security?

Trond

Many things can be done to improve security.
Here are just a few things anyone can do, but security in general goes far beyond the scope of a simple forum post.
Basic things include: make sure you are patched to the highest current level of your software, *NIX or Windows
Backup to physical removable media. Backup often
Only allow file and directory permissions as needed
Remove any and all unwary software & services from your server
Use a SPI firewall at the minimum, layer 7 firewall if possible

mad_gertje
Joomla! Enthusiast
Posts: 141
Joined: Wed Sep 07, 2005 5:18 pm
Location: The Netherlands

Re: Hacked by "Net Devil"..needs HELP!

Postby mad_gertje » Sat Jun 24, 2006 2:56 pm

dr.t wrote: Thanks! I didn't do that, but via my FTP I updated the index.php and mambo.php, and got my page back :)

How can I prevent this in the future?? I use version 4.5.2. How do the hackers really replace a new index file on my server? Is there anything I can do to improve the security?

Trond


upgrade to joomla! 1.09 !!!! you are a sitting duck like this ;)
Signature rules: http://forum.joomla.org/index.php/topic,65.0.html
Only exact url's allowed

grace
Joomla! Enthusiast
Posts: 113
Joined: Wed Sep 14, 2005 5:59 am

Re: Hacked by "Net Devil"..needs HELP!

Postby grace » Sun Jun 25, 2006 7:34 am

Hi:
You can add these rules to your .htaccess file

# Redirect to localhost any request whose request line contains both
# "cmd=cd" (case-insensitive) and "perl"; consecutive RewriteCond lines are ANDed.
RewriteEngine On
RewriteCond %{THE_REQUEST} cmd=cd [NC]
RewriteCond %{THE_REQUEST} perl
RewriteRule ^(.*)$ http://127.0.0.1/ [R=301,L]

Then go to your cPanel and set up Password Protect Directories on the administrator folder of your Mambo.
And for more security, even the folder components/com_content.
The next time you need access to the backend, enter the two passwords.
Good luck!

emagin
Joomla! Enthusiast
Posts: 136
Joined: Sun Sep 11, 2005 7:46 pm
Location: san francisco, ca usa

Re: Hacked by "Net Devil"..needs HELP!

Postby emagin » Mon Jun 26, 2006 6:21 pm

Does this .htaccess update work with the new 1.10 security release or is it unnecessary?
Seems like a safe thing to do but I don't want to create a conflict with other changes.

Thanks for your input.

grace
Joomla! Enthusiast
Posts: 113
Joined: Wed Sep 14, 2005 5:59 am

Re: Hacked by "Net Devil"..needs HELP!

Postby grace » Mon Jun 26, 2006 10:10 pm

Yes, the rules work with all versions. And with other programs or files in your web.
You will be more safe.
Bye

Shaolin
Joomla! Enthusiast
Posts: 113
Joined: Thu Jun 01, 2006 11:23 pm

Re: Hacked by "Net Devil"..needs HELP!

Postby Shaolin » Tue Jun 27, 2006 12:34 pm

digitaldentist wrote:
dr.t wrote: Is there anything I can do to improve the security?

Trond

Many things can be done to improve security.
Here are just a few things anyone can do, but security in general goes far beyond the scope of a simple forum post.
Basic things include: make sure you are patched to the highest current level of your software, *NIX or Windows
Backup to physical removable media. Backup often
Only allow file and directory permissions as needed
Remove any and all unwary software & services from your server
Use a SPI firewall at the minimum, layer 7 firewall if possible


Just to pick on one point, what methods can one use to backup the website? What files should one backup? The whole site, or just particular files?

.

Asphyx
Joomla! Hero
Posts: 2454
Joined: Sun Aug 28, 2005 5:03 pm

Re: Hacked by "Net Devil"..needs HELP!

Postby Asphyx » Tue Jun 27, 2006 1:24 pm

what methods can one use to backup the website ? What files should one backup ? The whole site, or just particular files.


General rule...
1 - Back up all files after each install of a component, module, template or bot! You do not need to backup regularly since these files don't change regularly unless you install something.

2 - Back up your images folder after each site update or content post or once a week if you update often.

3 - If possible use a mirroring FTP tool to automatically keep a local copy of your site as changes are made!

4 - Set up a cron or use some backup utility to backup the database often! Once a day is the safest but once a week will do...

5 - If you have the space you might want to save all these backups on the server in a protected non-public area to save you transfer time should you need to restore a hacked site!


I don't suggest writing content in the Joomla Editor...Better to create it locally and then paste it into the J! editor...Just save those files for a week and you should be able to restore whatever you missed if something happens between backups!

crash777
Joomla! Explorer
Posts: 334
Joined: Sat Sep 03, 2005 1:56 am
Location: Upstate New York

Re: Hacked by "Net Devil"..needs HELP!

Postby crash777 » Tue Jul 25, 2006 11:06 am

Asphyx wrote:
what methods can one use to backup the website ? What files should one backup ? The whole site, or just particular files.


General rule...
2 - Back up your images folder after each site update or content post or once a week if you update often.

4 - Set up a cron or use some backup utility to backup the database often! Once a day is the safest but once a week will do...

Any suggestions on either rule 2 or rule 4?
Thanks!
Aaron

Asphyx
Joomla! Hero
Posts: 2454
Joined: Sun Aug 28, 2005 5:03 pm

Re: Hacked by "Net Devil"..needs HELP!

Postby Asphyx » Wed Jul 26, 2006 12:36 am

Well if you don't know how to set up a cron don't try #4....Also if you rent a server you might not even have the ability to set up a cron...

As for #2 even a simple ftp mirror utility could be used locally to synchronize with your images folders to make a backup whenever a file is changed...

crash777
Joomla! Explorer
Posts: 334
Joined: Sat Sep 03, 2005 1:56 am
Location: Upstate New York

Re: Hacked by "Net Devil"..needs HELP!

Postby crash777 » Wed Jul 26, 2006 10:31 am

Asphyx wrote: Well if you don't know how to set up a cron don't try #4....Also if you rent a server you might not even have the ability to set up a cron...

As for #2 even a simple ftp mirror utility could be used locally to synchronize with your images folders to make a backup whenever a file is changed...


4 - I am not overly familiar with it but I lease a server and do have shell access and the ability to set up cron jobs. I think what I, as well as others may be looking for is an example script that will show us the best way to backup the necessary files...

2 - I use the backup built into WHM.. incremental FTP backup.. not a mirror as it only runs once a day.. does the mirror run anytime there is a change? Which utility do you use?
Thanks!
Aaron

Asphyx
Joomla! Hero
Posts: 2454
Joined: Sun Aug 28, 2005 5:03 pm

Re: Hacked by "Net Devil"..needs HELP!

Postby Asphyx » Wed Jul 26, 2006 2:51 pm

4 - I am not overly familiar with it but I lease a server and do have shell access and the ability to set up cron jobs. I think what I, as well as others may be looking for is an example script that will show us the best way to backup the necessary files...


Here is a good link to making a cron script and using crontab...
http://www.scrounge.org/linux/cron.html

An example would be:
10 0 * * 6 cp -Rp /path/to/webroot/. /path/to/backup/files

Will copy all files from webroot to your backup folder on Saturday 12:10 am


The command you're going to run is simply a copy from one folder to the other. Use whatever command your OS uses to copy files from one place to another. Make sure the backups are being copied to a non-public folder unreachable by the webserver (above public_html) but available by FTP.

2 - I use the backup built into WHM.. incremental FTP backup.. not a mirror as it only runs once a day.. does the mirror run anytime there is a change? Which utility do you use?


I personally use Dreamweaver to sync my local files to the server. But if you run Windows locally look for FTPSync as an option. http://www.fileware.com/products.htm

Dreamweaver will automatically sync the local and remote files and if something has changed will even alert me that a change outside of Dreamweaver has been made!

Remember you really only need to sync and regularly backup the images folder as that changes as content is added...
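
As an added example (not written by any poster in this thread), the weekly cron backup discussed above can be done with a shell script that archives the whole web root into a directory outside it, rotates old archives, and compares the live site with an archive to list files changed since the backup, such as a replaced index.php. The paths, the script name site-backup.sh and the function names are assumptions; it covers files only, not the database.

```shell
#!/bin/sh
# Added example. Paths below are placeholders, not values from the thread.
# Cron entry matching the schedule in the post (Saturday 00:10):
#   10 0 * * 6 /home/USER/bin/site-backup.sh /home/USER/public_html /home/USER/backups

# backup_site WEBROOT BACKUP_DIR [KEEP]
# Archives the whole web root, subdirectories and dotfiles such as .htaccess
# included, and keeps only the newest KEEP archives. Prints the archive path.
backup_site() {
    webroot=$1; dest=$2; keep=${3:-4}
    [ -d "$webroot" ] && [ -d "$dest" ] || { echo "missing directory" >&2; return 1; }
    (
        umask 077    # archives hold configuration.php; owner-only access
        root=$(cd "$webroot" && pwd -P) && out=$(cd "$dest" && pwd -P) || exit 1
        # Refuse a backup directory the web server could serve to visitors.
        case "$out/" in
            "$root"/*) echo "backup dir must be outside the web root" >&2; exit 1 ;;
        esac
        archive="$out/site-$(date +%Y%m%d-%H%M%S).tar.gz"
        tar -czf "$archive" -C "$root" . || exit 1
        # Rotation: newest first, delete everything after the first $keep.
        ls -1t "$out"/site-*.tar.gz | tail -n +"$((keep + 1))" |
            while IFS= read -r old; do rm -f -- "$old"; done
        echo "$archive"
    )
}

# changed_since ARCHIVE WEBROOT
# Lists files in the live web root that differ from the archive or exist on
# one side only, e.g. an index.php replaced after the backup was taken.
changed_since() {
    tmp=$(mktemp -d) || return 1
    tar -xzf "$1" -C "$tmp" || { rm -rf "$tmp"; return 1; }
    diff -rq "$tmp" "$2" | sed "s|$tmp|backup|g"
    rm -rf "$tmp"
}

# Run as a script only when arguments are given (cron passes two paths).
if [ "$#" -ge 2 ]; then backup_site "$@"; fi
```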

