
Why Joomla 4 & 5 easily get hacked?

Discussion regarding Joomla! 5.x security issues.

Moderators: mandville, General Support Moderators

rizalconsulting
Joomla! Fledgling
Posts: 1
Joined: Tue Jan 16, 2024 2:33 pm

Why Joomla 4 & 5 easily get hacked?

Post by rizalconsulting » Wed Feb 26, 2025 11:01 am

Hello everyone, I hope I don't get bullied for asking or delivering this.

I have been using Joomla since 2006 from Joomla 1.5. Now I am using Joomla 5 for several projects.

I noticed that on several websites that use Joomla 4 and Joomla 5, it is very easy to hack. Hackers can easily change the index.php, .htaccess files, add new folders in the root, and files in the default Joomla folder.

I have tried to implement many things for security, including using a strong password for the administrator and not using the username admin or administrator. I even use a security extension for one of the websites, but hackers can still easily access and mess up the root folder.

And from several hack cases that I have experienced myself, fortunately, the SQL file was not touched. Is it true that hackers are not touched, maybe because they are not noticed or what.

What about the Joomla masters in this forum? Do you have any opinions? Thank you.

AMurray
Joomla! Master
Posts: 10566
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: Why Joomla 4 & 5 easily get hacked?

Post by AMurray » Wed Feb 26, 2025 11:21 am

I've not experienced any hacking of a Joomla site in my 15 years using it.

It sounds like your server is compromised more so than Joomla itself. Are you on shared hosting, VPS or a dedicated server - is the server self managed (by you) or managed by the web hosting company?

Can you start by blocking suspect IP addresses and that sort of thing - that's not through Joomla but more likely in your web hosting account which would have utilities for that. If it continues, raise the matter with your web host.

You've not really gone into that much detail of what was changed other than "they changed the index.php and .htaccess file." To what end - what was the result of the hack? A defaced home page or something more malicious?

In addition to a strong password, try multifactor authentication and a plugin such as AdminExile (https://extensions.joomla.org/extension/adminexile/), which requires a secret code at the end of the URL in order for it to be accessed. Use this in conjunction with the MFA, strong password and even the htaccess/htpasswd on your administrator file for additional login (the credentials of which need to be completely separate from your Joomla details).
Regards - A Murray
Global Support Moderator

pe7er
Joomla! Master
Posts: 25403
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands

Re: Why Joomla 4 & 5 easily get hacked?

Post by pe7er » Wed Feb 26, 2025 11:40 am

rizalconsulting wrote: Wed Feb 26, 2025 11:01 am I noticed that on several websites that use Joomla 4 and Joomla 5, it is very easy to hack. Hackers can easily change the index.php, .htaccess files, add new folders in the root, and files in the default Joomla folder.
Do you use the most recent stable Joomla versions?
The current Joomla versions (5.2.4 and 4.4.11) are safe.

I have used Joomla since 2005 and two of my websites were hacked in the last 20 years:
  • Around 2010 my site was hacked from the inside. The shared hosting server I used back then got hacked, and all index.php files got overwritten with political messages.
  • In 2022, my Joomla 4 was hacked because of a security issue with Joomla's debug mode, which was fixed very fast. I wrote an article about that in Joomla Community Magazine:
    https://magazine.joomla.org/all-issues/ ... got-hacked
What third-party extensions do you use? How safe is your server/hosting?
When your website got hacked, did you analyse how it happened?
Did you remove any backdoor scripts that hackers left on your site?
Kind Regards,
Peter Martin, Global Moderator + Joomla 5.2 Release Manager
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com

JAVesey
Joomla! Hero
Posts: 2780
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK

Re: Why Joomla 4 & 5 easily get hacked?

Post by JAVesey » Wed Feb 26, 2025 1:43 pm

pe7er wrote: Wed Feb 26, 2025 11:40 am Did you remove any backdoor scripts that hackers left on your site?
This ^

How did you clean up your site after it was hacked? Unless you traced and removed the hack, the chances are that it’s still there on your server.

Have you considered an audit by mysites.guru? Phil is the best at this kind of thing and the first audit is free. I have no connection to the service, btw.

I’ve been using Joomla since 2013 (early in the J3 series) on shared hosting and have never been hacked. It’s not Joomla - it’s either an insecure, out of date extension or your hosting environment.
John V
Cardiff, Wales, UK
Joomla 5.2.5 "live" site on PHP 8.3.16 and MariaDB 10.11.10 (with b/c plugin enabled)
Joomla 5.2.5 on MAMP Pro 7.2.2 with PHP 8.3.14 and MySQL 8.0.40 (with b/c plugin enabled)

Webdongle
Joomla! Master
Posts: 44993
Joined: Sat Apr 05, 2008 9:58 pm

Re: Why Joomla 4 & 5 easily get hacked?

Post by Webdongle » Wed Feb 26, 2025 10:22 pm

I doubt it was Joomla that was hacked, otherwise many would be hacked attacking the same vulnerability.
Things to check:
3rd party extensions
Other sites on your server (especially if you have wp)

Once you have been hacked, the only sure thing to get rid of the hacks is to delete ALL the files on the server. You then need to rebuild the site. viewtopic.php?f=843&t=1005473
http://www.weblinksonline.co.uk/
https://www.weblinksonline.co.uk/updating-joomla.html
"When I'm right no one remembers but when I'm wrong no one forgets".

ManuelVoileux
Joomla! Intern
Posts: 88
Joined: Sun Nov 24, 2013 8:24 am
Location: France

Re: Why Joomla 4 & 5 easily get hacked?

Post by ManuelVoileux » Thu Feb 27, 2025 9:50 am

rizalconsulting wrote: Wed Feb 26, 2025 11:01 am I noticed that on several websites that use Joomla 4 and Joomla 5, it is very easy to hack. Hackers can easily change the index.php, .htaccess files, add new folders in the root, and files in the default Joomla folder.
Hello, for htaccess, I use the following common code, and I have never had a change of the htaccess

Code:

# secure .htaccess file
<Files .htaccess>
	Order allow,deny
	Deny from all
</Files>
I also use a firewall proposed by the hosting company + a firewall included in the htaccess. I keep on tracking errors with the Joomla redirect plugin and I see between 20 and 100 "attack" or false trials a day. But the site never stopped working.

breeze29
Joomla! Apprentice
Posts: 15
Joined: Fri Dec 30, 2011 3:03 am

Re: Why Joomla 4 & 5 easily get hacked?

Post by breeze29 » Tue Mar 11, 2025 12:18 am

rizalconsulting wrote: Wed Feb 26, 2025 11:01 am Hello everyone, I hope I don't get bullied for asking or delivering this.

I have been using Joomla since 2006 from Joomla 1.5. Now I am using Joomla 5 for several projects.

I noticed that on several websites that use Joomla 4 and Joomla 5, it is very easy to hack. Hackers can easily change the index.php, .htaccess files, add new folders in the root, and files in the default Joomla folder.

What about the Joomla masters in this forum? Do you have any opinions? Thank you.
I've used Joomla nearly as long as you have. In the J2x days, I had multiple sites (different hosts) get hacked. It's been good since. After my experience many years ago and after a WordPress experience, I do a lot to keep things secure. Dedicated managed hosting. Firewall. Regular backups. Monthly update of installed software. Joomla core updates. It's a lot but it isn't. It's, perhaps, an hour each month to give this kind of attention to the website. Occasionally, there will be an issue that requires more attention or a more serious migration needed for the core CMS. The hosting company also has a schedule for backups too. And with all that, things can still happen.

Mr. Wimpy
Joomla! Guru
Posts: 620
Joined: Fri Dec 02, 2005 10:46 am
Location: The Netherlands

Clickbait!

Post by Mr. Wimpy » Wed Mar 12, 2025 9:25 am

I'm not saying it's not possible, but...

* J4 was released 3+ years ago
* Topic starter has been registered for a little over a year and never mentioned this before
* It's TS's first post and has not returned here or elsewhere since
* TS says nothing really about the cause
* Examples given are not really J related and could just as well be a bad server configuration
* The "many things for security" mention the most basic
* No mention of what "security extension" was used
* TS could not have used J1.5 since 2006, 1.5 was released in 2008

* If it is/was so easy, as TS says, the internet would explode
* The internet has not exploded

So either it's specific to TS or it's clickbait!

gws
Joomla! Champion
Posts: 6606
Joined: Tue Aug 23, 2005 1:56 pm
Location: South coast, UK

Re: Why Joomla 4 & 5 easily get hacked?

Post by gws » Wed Mar 12, 2025 9:48 am

+1 @ Mr.Wimpy
