Getting compromised, Need help

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
SukhiLaal
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Sat Jul 16, 2016 12:08 am

Getting compromised, Need help

Post by SukhiLaal » Sat Jul 16, 2016 12:24 am

I have an old website in joomla 1.5 and its getting compromised almost every month.
I have hired experts to secure it but its not helping much.
Here is link of website. http://www.howtoexam.com
It involves costume components and lot of core customization.
is it possible to secure it or shall i update it on any cost.

User avatar
AlexVega
Joomla! Hero
Joomla! Hero
Posts: 2093
Joined: Fri Aug 28, 2015 6:13 am
Location: México
Contact:

Re: Getting compromised, Need help

Post by AlexVega » Sat Jul 16, 2016 1:12 am

Hi there,

Maybe you need consiser update your installation and your custom components to J3.6, probably the
investment in security is similar to the investment in the upgrade of your platform.

Cheers.

SukhiLaal
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Sat Jul 16, 2016 12:08 am

Re: Getting compromised, Need help

Post by SukhiLaal » Sat Jul 16, 2016 5:43 pm

Somewhat i am agree on investment part.
Now at some places i am using cck seblod.Seblod is one of the most complex component in joomla.I regret that i selected seblod.Not that seblod is bad, its good for development but mess in upgrade.
Now i am afraid that upgrading seblod will break things and will be a big mess to handle and may be url structure will change for seblod(urls with lot of parameters).

User avatar
sozzled
Joomla! Champion
Joomla! Champion
Posts: 5498
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: Getting compromised, Need help

Post by sozzled » Sat Jul 16, 2016 9:24 pm

About four years ago I had a J! 1.5 website and someone hacked it. It did not "compromise" my site: it compromised all of my other sites. Ultimately I had no choice other than remove the compromised J! 1.5 site from the server.

It is a well-known fact that J! 1.5 sites are vulnerable to attack. There have been no security patches or updates available for J! 1.5 for over four years. People who continue to use J! 1.5 do so in the knowledge that, one day, their websites will be compromised.

The best advice we can offer to people who use J! 1.5 is to take action now. This may sound unsympathetic but it's really the best advice. Of course it may be possible to solve the problems that you currently have but it's really only a band-aid. My advice to you is to consider the need for major surgery.
https://www.kuneze.com/blog
Former member of Kunena project team
If you think I’m wrong then say “I think you're wrong.” If you say “You’re wrong!”, how do you know?

SukhiLaal
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Sat Jul 16, 2016 12:08 am

Re: Getting compromised, Need help

Post by SukhiLaal » Sun Jul 17, 2016 12:50 am

I guess i will have to go with your suggestions.
However i am not going to use complex components ever.
I will try to find out if seblod can be replaced with some easy to upgrade component.
Thanks for suggestions.

user11
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Tue Jul 19, 2016 4:58 pm

Re: Getting compromised, Need help

Post by user11 » Tue Jul 19, 2016 5:40 pm

Depends on how you use your joomla 1.5 site but if you don`t have user registration option and are not running any components(other than SEO) and extentions, you should do the following.


1. buy and install jSecure to hide your administrator. (dont forget the url password though)

2. change your admin user to anything other than admin which is there by default.

3. use SEO component and redirect the following links to 404:

- index.php?option=com_user&view=reset
- index.php?option=com_user&view=remind
- index.php?option=com_user&task=remindusername
- index.php?option=com_user&task=requestreset
- ndex.php?option=com_user&task=confirmreset
- index.php?option=com_user&view=login

4. limit your search query to 20 letters max.

5. change your database prefix to something other than jos_ which is there by default. You`re going to have to change your database as well through phpmyadmin in order to work properly.

6. if you use com_contact, implement Captcha.

7. enable htaccess.


This will pretty much save you from being mass hacked by opportunists. However, if pros stop by, you don`t have much chances anyhow.

1.5 version is so old that it`s almost safe again since there is a lack of interest for hackers, hence almost nobody using it anymore. That is if you can secure some of the basic exploits and avoid using extentions and most of the input types.

samundri
Joomla! Fledgling
Joomla! Fledgling
Posts: 4
Joined: Fri Jul 29, 2016 7:00 pm

Re: Getting compromised, Need help

Post by samundri » Sat Jul 30, 2016 12:37 pm

From my experience you should move to joomla 3 as soon as possible.
I do not like frequent updates as well but joomla 1.5 is not safe no matter what you do.

User avatar
ribo
Joomla! Virtuoso
Joomla! Virtuoso
Posts: 3247
Joined: Sun Jan 03, 2010 8:47 pm
Contact:

Re: Getting compromised, Need help

Post by ribo » Sat Jul 30, 2016 1:34 pm

You must take the decision to update your 1.5 to the latest version that is 3.6.0 now. Your joomla is EOL as your php version too.
chat room spontes : http://www.spontes.com


Locked

Return to “Security in Joomla! 1.5”