Database erased

Discussion regarding Joomla! 3.x security issues.

alfabeto
Joomla! Apprentice
Posts: 13
Joined: Mon Jan 20, 2020 8:59 am

Post by alfabeto » Mon Feb 10, 2020 11:03 am

Hi everyone!

I have been working with Joomla very little, I'm a noob.

I have a big problem and I don't know how to handle it.
I have installed Joomla on MAMP on a Mac. I know it's not the best way, but I needed to publish my site as soon as possible and the concurrence of visits should not be very high.

Everything seems to work quite well, but apparently randomly, the site database disappears.
At one point, when someone accesses the URL, only one blank page is displayed with the message "Error".

I have verified that when I access the mysql57 folder of the Joomla DB folder, the database has disappeared. Only the "mysql", "performance_schema" and "sys" folders remain, but there is no trace of the two folders that should be on my site.

A new folder appears in the DB folder called "PLEASE_READ_ME_VVV" where they ask me to pay 0.05 Bitcoins to recover my database.

Any suggestions to protect my site?


I would appreciate any help

 
toivo
Joomla! Master
Posts: 12401
Joined: Thu Feb 15, 2007 5:48 am
Location: Suzhou, China

Post by toivo » Mon Feb 10, 2020 11:15 am

alfabeto wrote: I have installed Joomla on MAMP on a Mac. I know it's not the best way, but I needed to publish my site as soon as possible

MAMP - is that your development site or were you planning to use MAMP to host your live site?

What is the network environment - is the Mac just your workstation connected to a home LAN or a virtual Mac in the cloud?
Toivo Talikka, Global Moderator


Post by alfabeto » Mon Feb 10, 2020 11:16 am

Hi again!


I realized that the php console has access through the public IP http://xxx.xxx.xxx.xxx/phpmyadmin/index ... =1&lang=es and doesn't ask for user and password

How can I avoid that?

I'm sorry if it's a silly question


Post by alfabeto » Mon Feb 10, 2020 11:19 am

toivo wrote:
Mon Feb 10, 2020 11:15 am
alfabeto wrote: I have installed Joomla on MAMP on a Mac. I know it's not the best way, but I needed to publish my site as soon as possible
MAMP - is that your development site or were you planning to use MAMP to host your live site?
What is the network environment - is the Mac just your workstation connected to a home LAN or a virtual Mac in the cloud?

It is an urgent project and the MAMP is used to host the live site. I know that I must change that.

The Mac is in a LAN with a Public IP.

Thanks for your reply


Post by toivo » Mon Feb 10, 2020 11:21 am

Does the Mac run an anti-virus application? Is the Mac behind a firewall?

How are you backing up the website?

Please post the results of the Forum Post Assistant (FPA) by following the link in the red area at the top.
Toivo Talikka, Global Moderator


Post by toivo » Mon Feb 10, 2020 11:29 am

alfabeto wrote: I realized that the php console has access through the public IP http://xxx.xxx.xxx.xxx/phpmyadmin/index ... =1&lang=es and doesn't ask for user and password

How can I avoid that?
You need to tighten up the database security, first of all.

There are several ways you can stop outsiders and even insiders from accessing the database directly. Does the LAN have a firewall?

Set up an .htaccess file that prompts for username and password when a visitor browses to the folder where phpMyAdmin is located. The .htaccess file can also be set to limit access to the folder to a certain IP subnet only, whereby only local users in the LAN can access it.

In the absence of adequate security measures in the LAN we cannot exclude the possibility that there is malware hiding in other workstations, too.

Have you thought about finding a host that can manage the web server and its security?
Toivo Talikka, Global Moderator
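
The .htaccess approach suggested in the post above, as an added example that is not part of the original thread. It uses Apache 2.2 syntax because the FPA output later in the thread reports Apache/2.2.34 with mod_auth_basic, mod_authn_file and mod_authz_host loaded. The password file path, the user name, the realm text and the 192.168.1.0/24 subnet are assumed placeholders.

```apache
# .htaccess for the directory that serves phpMyAdmin (Apache 2.2 syntax).
# Needs "AllowOverride AuthConfig Limit" for this directory in httpd.conf:
# with "AllowOverride None" the file is ignored, and with a partial override
# the disallowed directives cause a 500 error.

# --- Password prompt (mod_auth_basic + mod_authn_file) ---
AuthType Basic
AuthName "Database administration"
# Keep the password file outside the web root so it cannot be downloaded.
# Create it with: htpasswd -c /path/outside/docroot/.htpasswd-pma adminuser
AuthUserFile /path/outside/docroot/.htpasswd-pma
Require valid-user

# --- Network restriction (mod_authz_host) ---
# "deny,allow" evaluates Deny first and lets a matching Allow override it:
# refuse everyone, then admit only the server itself and the LAN subnet.
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.1.0/24

# Require BOTH an allowed source address AND a valid login.
# "Satisfy Any" would accept either condition on its own.
Satisfy All
```

Basic authentication sends the password base64-encoded rather than encrypted, and the FPA output shows SSL: 0, so the subnet restriction carries most of the weight until the site is served over HTTPS.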


Post by alfabeto » Mon Feb 10, 2020 11:44 am

toivo wrote:
Mon Feb 10, 2020 11:21 am
Does the Mac run an anti-virus application? Is the Mac behind a firewall?

How are you backing up the website?

Please post the results of the Forum Post Assistant (FPA) by following the link in the red area at the top.
The Mac doesn't run an anti-virus but it's behind a Firewall FortiGate 100D.

I'm backing up the website by copying the MAMP Folder.

FPA Results:
Forum Post Assistant (v1.4.9 (lambrusca) : 10th February 2020 wrote:
Last PHP Error(s) Reported :: wrote:[10-Feb-2020 09:51:02 UTC] PHP Warning: session_start(): Failed to read session data: user (path: /Applications/MAMP/tmp/php) in /Applications/MAMP/htdocs/Miralba/libraries/joomla/session/handler/native.php on line 260
Basic Environment :: wrote:Joomla! Instance :: Joomla! 3.9.14-Stable (Amani) 17-December-2019
Joomla! Platform :: Joomla Platform 13.1.0-Stable (Curiosity) 24-Apr-2013
Joomla! Configured :: Yes | Read-Only (444) | Owner: --protected-- . (uid: 1/gid: 1) | Group: --protected-- (gid: 1) | Valid For: 3.9
Configuration Options :: Offline: false | SEF: true | SEF Suffix: false | SEF ReWrite: false | .htaccess/web.config: No | GZip: false | Cache: false | CacheTime: 15 | CacheHandler: file | CachePlatformPrefix: false | FTP Layer: false | Proxy: false | LiveSite: | Session lifetime: 15 | Session handler: database | Shared sessions: false | SSL: 0 | Error Reporting: default | Site Debug: false | Language Debug: false | Default Access: 1 | Unicode Slugs: false | dbConnection Type: pdomysql | PHP Supports J! 3.9.14: Yes | Database Supports J! 3.9.14: Yes | Database Credentials Present: Yes |

Host Configuration :: OS: Darwin | OS Version: 15.6.0 | Technology: x86_64 | Web Server: Apache/2.2.34 (Unix) mod_wsgi/3.5 Python/2.7.13 PHP/7.2.21 mod_ssl/2.2.34 OpenSSL/1.0.2o DAV/2 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_perl/2.0.10 Perl/v5.24.0 | Encoding: gzip, deflate | Doc Root: --protected-- | System TMP Writable: Yes | Free Disk Space : 1837.09 GiB |

PHP Configuration :: Version: 7.2.21 | PHP API: apache2handler | Session Path Writable: Yes | Display Errors: | Error Reporting: 32767 | Log Errors To: /Applications/MAMP/logs/php_error.log | Last Known Error: 10th February 2020 09:51:02. | Register Globals: | Magic Quotes: | Safe Mode: | Allow url fopen: 1 | Open Base: | Uploads: 1 | Max. Upload Size: 32M | Max. POST Size: 8M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 128M

Database Configuration :: Version: 5.7.26 (Client:mysqlnd 5.0.12-dev - 20150407 - $Id: 3591daad22de08524295e1bd073aceeff11e6579 $) | Host: --protected-- (--protected--) | default Collation: utf8mb4_general_ci (default Character Set: utf8mb4) | Database Size: 6.16 MiB | #of Tables:  79
Detailed Environment :: wrote:PHP Extensions :: Core (7.2.21) | date (7.2.21) | libxml (7.2.21) | openssl (7.2.21) | pcre (7.2.21) | sqlite3 (7.2.21) | zlib (7.2.21) | bcmath (7.2.21) | bz2 (7.2.21) | calendar (7.2.21) | ctype (7.2.21) | curl (7.2.21) | dom (20031129) | hash (1.0) | fileinfo (1.0.5) | filter (7.2.21) | ftp (7.2.21) | gd (7.2.21) | SPL (7.2.21) | iconv (7.2.21) | intl (1.1.0) | json (1.6.0) | ldap (7.2.21) | mbstring (7.2.21) | session (7.2.21) | standard (7.2.21) | mysqlnd (mysqlnd 5.0.12-dev - 20150407 - $Id: 3591daad22de08524295e1bd073aceeff11e6579 $) | PDO (7.2.21) | pdo_mysql (7.2.21) | pdo_sqlite (7.2.21) | Phar (2.0.2) | posix (7.2.21) | Reflection (7.2.21) | mysqli (7.2.21) | SimpleXML (7.2.21) | soap (7.2.21) | sockets (7.2.21) | sodium (7.2.21) | exif (7.2.21) | tokenizer (7.2.21) | wddx (7.2.21) | xml (7.2.21) | xmlreader (7.2.21) | xmlwriter (7.2.21) | xsl (7.2.21) | zip (1.15.4) | apache2handler () | imap (7.2.21) | gettext (7.2.21) | pgsql (7.2.21) | pdo_pgsql (7.2.21) | Zend Engine (3.2.0) |
Potential Missing Extensions ::

Switch User Environment (Experimental) :: PHP CGI: No | Server SU: No | PHP SU: No | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No

Apache Modules :: core | prefork | http_core | mod_so | mod_authn_file | mod_authn_dbm | mod_authn_anon | mod_authn_dbd | mod_authn_default | mod_authz_host | mod_authz_groupfile | mod_authz_user | mod_authz_dbm | mod_authz_owner | mod_authz_default | mod_auth_basic | mod_auth_digest | mod_file_cache | mod_cache | mod_disk_cache | mod_mem_cache | mod_dbd | mod_bucketeer | mod_dumpio | mod_echo | mod_case_filter | mod_case_filter_in | mod_reqtimeout | mod_ext_filter | mod_include | mod_filter | mod_substitute | mod_charset_lite | mod_deflate | mod_log_config | mod_logio | mod_env | mod_mime_magic | mod_cern_meta | mod_expires | mod_headers | mod_ident | mod_usertrack | mod_setenvif | mod_version | mod_proxy | mod_proxy_connect | mod_proxy_ftp | mod_proxy_http | mod_proxy_scgi | mod_proxy_ajp | mod_proxy_balancer | mod_ssl | mod_mime | mod_dav | mod_status | mod_autoindex | mod_asis | mod_info | mod_cgi | mod_fastcgi | mod_cgid | mod_dav_fs | mod_vhost_alias | mod_negotiation | mod_dir | mod_imagemap | mod_actions | mod_speling | mod_userdir | mod_alias | mod_rewrite | mod_perl | mod_wsgi | mod_xsendfile | mod_php7 | Apache/2.2.34 (Unix) mod_wsgi/3.5 Python/2.7.13 PHP/7.2.21 mod_ssl/2.2.34 OpenSSL/1.0.2o DAV/2 mod_fastcgi/mod_fastcgi-SNAP-0910052141 mod_perl/2.0.10 Perl/v5.24.0 |
Potential Missing Modules :: mod_security | mod_evasive | mod_dosevasive | mod_qos | mod_userdir |
Folder Permissions :: wrote:Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (---) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) | administrator/logs/ (755) |

Elevated Permissions (First 10) ::
Database Information :: wrote:Database statistics :: Uptime: 6382 | Threads: 1 | Questions: 2926 | Slow queries: 0 | Opens: 604 | Flush tables: 1 | Open tables: 541 | Queries per second avg: 0.458 |
Extensions Discovered :: wrote:Components :: SITE ::
Core :: com_mailto (3.0.0) 1 | com_wrapper (3.0.0) 1 |
3rd Party:: WF_AGGREGATOR_DAILYMOTION_TITLE (2.8.2) ? | WF_AGGREGATOR_VIMEO_TITLE (2.8.2) ? | WF_AGGREGATOR_[youtube]_TITLE (2.8.2) ? | WF_FILESYSTEM_JOOMLA_TITLE (2.8.2) ? | WF_LINKS_JOOMLALINKS_TITLE (2.8.2) ? | WF_POPUPS_JCEMEDIABOX_TITLE (2.8.2) ? | WF_LINK_SEARCH_TITLE (2.8.2) ? | WF_ANCHOR_TITLE (2.8.2) ? | WF_ARTICLE_TITLE (2.8.2) ? | WF_AUTOSAVE_TITLE (2.8.2) ? | WF_BROWSER_TITLE (2.8.2) ? | WF_CHARMAP_TITLE (2.8.2) ? | WF_CLEANUP_TITLE (2.8.2) ? | WF_CLIPBOARD_TITLE (2.8.2) ? | WF_CONTEXTMENU_TITLE (2.8.2) ? | WF_DIRECTIONALITY_TITLE (2.8.2) ? | WF_EMOTIONS_TITLE (2.8.2) ? | WF_FONTCOLOR_TITLE (2.8.2) ? | WF_FONTSELECT_TITLE (2.8.2) ? | WF_FONTSIZESELECT_TITLE (2.8.2) ? | WF_FORMATSELECT_TITLE (2.8.2) ? | WF_FULLSCREEN_TITLE (2.8.2) ? | WF_HR_TITLE (2.8.2) ? | WF_IMGMANAGER_TITLE (2.8.2) ? | WF_KITCHENSINK_TITLE (2.8.2) ? | WF_LAYER_TITLE (2.8.2) ? | WF_LINK_TITLE (2.8.2) ? | WF_LISTS_TITLE (2.8.2) ? | WF_MEDIA_TITLE (2.8.2) ? | WF_NONBREAKING_TITLE (2.8.2) ? | JCE - Noneditable (1.0.0) ? | WF_PREVIEW_TITLE (2.8.2) ? | WF_PRINT_TITLE (2.8.2) ? | WF_SEARCHREPLACE_TITLE (2.8.2) ? | WF_SOURCE_TITLE (2.8.2) ? | WF_SPELLCHECKER_TITLE (2.8.2) ? | WF_STYLE_TITLE (2.8.2) ? | WF_STYLESELECT_TITLE (2.8.2) ? | WF_TABLE_TITLE (2.8.2) ? | WF_TEXTCASE_TITLE (2.8.2) ? | WF_VISUALBLOCKS_TITLE (2.8.2) ? | WF_VISUALCHARS_TITLE (2.8.2) ? | WF_WORDCOUNT_TITLE (2.8.2) ? | WF_XHTMLXTRAS_TITLE (2.8.2) ? |

Components :: ADMIN ::
Core :: com_actionlogs (3.9.0) 1 | com_admin (3.0.0) 1 | com_ajax (3.2.0) 1 | com_associations (3.7.0) 1 | com_banners (3.0.0) 1 | com_cache (3.0.0) 1 | com_categories (3.0.0) 1 | com_checkin (3.0.0) 1 | com_config (3.0.0) 1 | com_content (3.0.0) 1 | com_contenthistory (3.2.0) 1 | com_cpanel (3.0.0) 1 | com_fields (3.7.0) 1 | com_finder (3.0.0) 1 | com_installer (3.0.0) 1 | com_joomlaupdate (3.6.2) 1 | com_languages (3.0.0) 1 | com_login (3.0.0) 1 | com_media (3.0.0) 1 | com_menus (3.0.0) 1 | com_messages (3.0.0) 1 | com_modules (3.0.0) 1 | com_newsfeeds (3.0.0) 1 | com_plugins (3.0.0) 1 | com_postinstall (3.2.0) 1 | com_privacy (3.9.0) 1 | com_redirect (3.0.0) 1 | com_search (3.0.0) 1 | com_tags (3.1.0) 1 | com_templates (3.0.0) 1 | com_users (3.0.0) 1 |
3rd Party:: COM_JCE (2.8.2) 1 |

Modules :: SITE ::
Core :: mod_articles_archive (3.0.0) 1 | mod_articles_categories (3.0.0) 1 | mod_articles_category (3.0.0) 1 | mod_articles_latest (3.0.0) 1 | mod_articles_news (3.0.0) 1 | mod_articles_popular (3.0.0) 1 | mod_banners (3.0.0) 1 | mod_breadcrumbs (3.0.0) 1 | mod_custom (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_finder (3.0.0) 1 | mod_footer (3.0.0) 1 | mod_languages (3.5.0) 1 | mod_login (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_random_image (3.0.0) 1 | mod_related_items (3.0.0) 1 | mod_search (3.0.0) 1 | mod_stats (3.0.0) 1 | mod_syndicate (3.0.0) 1 | mod_tags_popular (3.1.0) 1 | mod_tags_similar (3.1.0) 1 | mod_users_latest (3.0.0) 1 | mod_whosonline (3.0.0) 1 | mod_wrapper (3.0.0) 1 |
3rd Party:: mod_eprivacy (3.10.13) ? |

Modules :: ADMIN ::
Core :: mod_custom (3.0.0) 1 | mod_feed (3.0.0) 1 | mod_latest (3.0.0) 1 | mod_latestactions (3.9.0) 1 | mod_logged (3.0.0) 1 | mod_login (3.0.0) 1 | mod_menu (3.0.0) 1 | mod_multilangstatus (3.0.0) 1 | mod_popular (3.0.0) 1 | mod_privacy_dashboard (3.9.0) 1 | mod_quickicon (3.0.0) 1 | mod_sampledata (3.8.0) 1 | mod_stats_admin (3.0.0) 1 | mod_status (3.0.0) 1 | mod_submenu (3.0.0) 1 | mod_title (3.0.0) 1 | mod_toolbar (3.0.0) 1 | mod_version (3.0.0) 1 |
3rd Party::

Libraries ::
Core ::
3rd Party::

Plugins ::
Core :: PLG_ACTIONLOG_JOOMLA (3.9.0) 1 | plg_authentication_cookie (3.0.0) 1 | plg_authentication_gmail (3.0.0) 0 | plg_authentication_joomla (3.0.0) 1 | plg_authentication_ldap (3.0.0) 0 | plg_captcha_recaptcha (3.4.0) 0 | plg_captcha_recaptcha_invisible (3.8) 0 | plg_content_confirmconsent (3.9.0) 0 | plg_content_emailcloak (3.0.0) 1 | plg_content_fields (3.7.0) 1 | plg_content_finder (3.0.0) 0 | plg_content_joomla (3.0.0) 1 | plg_content_loadmodule (3.0.0) 1 | plg_content_pagebreak (3.0.0) 1 | plg_content_pagenavigation (3.0.0) 1 | plg_content_vote (3.0.0) 0 | plg_editors-xtd_article (3.0.0) 1 | plg_editors-xtd_fields (3.7.0) 1 | plg_editors-xtd_image (3.0.0) 1 | plg_editors-xtd_menu (3.7.0) 1 | plg_editors-xtd_module (3.5.0) 1 | plg_editors-xtd_pagebreak (3.0.0) 1 | plg_editors-xtd_readmore (3.0.0) 1 | plg_extension_joomla (3.0.0) 1 | plg_fields_calendar (3.7.0) 1 | plg_fields_checkboxes (3.7.0) 1 | plg_fields_color (3.7.0) 1 | plg_fields_editor (3.7.0) 1 | plg_fields_imagelist (3.7.0) 1 | plg_fields_integer (3.7.0) 1 | plg_fields_list (3.7.0) 1 | plg_fields_media (3.7.0) 1 | plg_fields_radio (3.7.0) 1 | plg_fields_repeatable (3.9.0) 1 | plg_fields_sql (3.7.0) 1 | plg_fields_text (3.7.0) 1 | plg_fields_textarea (3.7.0) 1 | plg_fields_url (3.7.0) 1 | plg_fields_user (3.7.0) 1 | plg_fields_usergrouplist (3.7.0) 1 | plg_finder_categories (3.0.0) 1 | plg_finder_contacts (3.0.0) 1 | plg_finder_content (3.0.0) 1 | plg_finder_newsfeeds (3.0.0) 1 | plg_finder_tags (3.0.0) 1 | PLG_INSTALLER_FOLDERINSTALLER (3.6.0) 1 | plg_installer_packageinstaller (3.6.0) 1 | PLG_INSTALLER_URLINSTALLER (3.6.0) 1 | plg_installer_webinstaller (2.0.1) 1 | plg_privacy_actionlogs (3.9.0) 1 | plg_privacy_consents (3.9.0) 1 | plg_privacy_content (3.9.0) 1 | plg_privacy_message (3.9.0) 1 | plg_privacy_user (3.9.0) 1 | plg_quickicon_extensionupdate (3.0.0) 1 | plg_quickicon_joomlaupdate (3.0.0) 1 | plg_quickicon_phpversioncheck (3.7.0) 1 | plg_quickicon_privacycheck (3.9.0) 1 | 
plg_search_categories (3.0.0) 1 | plg_search_contacts (3.0.0) 1 | plg_search_content (3.0.0) 1 | plg_search_newsfeeds (3.0.0) 1 | plg_search_tags (3.0.0) 1 | PLG_SYSTEM_ACTIONLOGS (3.9.0) 1 | plg_system_cache (3.0.0) 0 | plg_system_debug (3.0.0) 1 | plg_system_fields (3.7.0) 1 | plg_system_highlight (3.0.0) 1 | plg_system_languagecode (3.0.0) 0 | plg_system_languagefilter (3.0.0) 0 | plg_system_log (3.0.0) 1 | plg_system_logout (3.0.0) 1 | plg_system_logrotation (3.9.0) 1 | plg_system_p3p (3.0.0) 0 | plg_system_privacyconsent (3.9.0) 0 | plg_system_redirect (3.0.0) 0 | plg_system_remember (3.0.0) 1 | plg_system_sef (3.0.0) 1 | plg_system_sessiongc (3.8.6) 1 | plg_system_stats (3.5.0) 1 | plg_system_updatenotification (3.5.0) 1 | plg_twofactorauth_totp (3.2.0) 0 | plg_twofactorauth_yubikey (3.2.0) 0 | plg_user_contactcreator (3.0.0) 0 | plg_user_joomla (3.0.0) 1 | plg_user_profile (3.0.0) 0 | plg_user_terms (3.9.0) 0 |
3rd Party:: PLG_AJAX_EPRIVACY (3.10.13) ? | plg_content_jce (2.8.2) 1 | plg_editors_codemirror (5.40.0) 1 | plg_editors_jce (2.8.2) 1 | plg_editors_tinymce (4.5.11) 1 | plg_extension_jce (2.8.2) 1 | plg_fields_mediajce (2.8.2) 1 | plg_installer_jce (2.8.2) 1 | plg_quickicon_jce (2.8.2) 1 | PLG_SYS_EPRIVACY (3.10.13) ? | plg_system_eprivacygeoip (3.10.13) ? | System - Helix Ultimate Framework (1.1.1) 1 | plg_system_jce (2.8.2) 1 | plg_system_jcemediabox (2.0.13) 1 |
Templates Discovered :: wrote:Templates :: SITE :: beez3 (3.1.0) 1 | protostar (1.0) 1 | shaper_helixultimate (1.1.1) 1 |
Templates :: ADMIN :: hathor (3.0.0) 1 | isis (1.0) 1 |
Last edited by toivo on Mon Feb 10, 2020 1:26 pm, edited 1 time in total.
Reason: mod note: disabled smilies in post Options for readability


Post by alfabeto » Mon Feb 10, 2020 11:49 am

toivo wrote:
Mon Feb 10, 2020 11:29 am
alfabeto wrote: I realized that the php console has access through the public IP http://xxx.xxx.xxx.xxx/phpmyadmin/index ... =1&lang=es and doesn't ask for user and password

How can I avoid that?
You need to tighten up the database security, first of all.

There are several ways you can stop outsiders and even insiders from accessing the database directly. Does the LAN have a firewall?

Set up an .htaccess file that prompts for username and password when a visitor browses to the folder where phpMyAdmin is located. The .htaccess file can also be set to limit access to the folder to a certain IP subnet only, whereby only local users in the LAN can access it.

In the absence of adequate security measures in the LAN we cannot exclude the possibility that there is malware hiding in other workstations, too.

Have you thought about finding a host that can manage the web server and its security?
As I said, I am a newbie with Joomla and I don't have confidence setting it up.


I have put the security settings that came in some guide and little else. I guess it's not enough.

I am aware of the need to migrate the website to a host, but I did not think about it in the short term.

I will investigate what you tell me about the security of mysql, although I'm not sure how to deal with it.

Any suggestions would be welcome

AMurray
Joomla! Champion
Posts: 5662
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Post by AMurray » Mon Feb 10, 2020 9:51 pm

alfabeto wrote: I'm backing up the website by copying the MAMP Folder.
Backing up by *copying the files* is half the job - but is not actually backing up your site content, since that's in the database.

For moving and restoring, I'd advise you to use Akeeba Backup. https://extensions.joomla.org/extension/akeeba-backup/. You can't really go wrong with that utility. It makes backing up and restoring sites very easy.

Noticed a couple of things from your FPA:
Max. Upload Size: 32M | Max. POST Size: 8M
Max. Post size should be larger than or equal to Max Upload Size.
Make both 32M.

You should also update to the latest Joomla, 3.9.15. Also review your extensions, I can identify a few that are out of date - JCE editor for one.
Regards,
--------------------------------------------------------------
A Murray
Millennium Falcon - it's the ship that made the Kessel run in less than 12 parsecs! The fastest hunk of junk in the galaxy.


Post by alfabeto » Tue Feb 11, 2020 9:05 am

AMurray wrote:
Mon Feb 10, 2020 9:51 pm
I'm backing up the website by copying the MAMP Folder.
Backing up by *copying the files* is half the job - but is not actually backing up your site content, since that's in the database.

For moving and restoring, I'd advise you to use Akeeba Backup. https://extensions.joomla.org/extension/akeeba-backup/. You can't really go wrong with that utility. It makes backing up and restoring sites very easy.

Noticed a couple of things from your FPA:
Max. Upload Size: 32M | Max. POST Size: 8M
Max. Post size should be larger than or equal to Max Upload Size.
Make both 32M.

You should also update to the latest Joomla, 3.9.15. Also review your extensions, I can identify a few that are out of date - JCE editor for one.
Thanks for your reply, I really appreciate your feedback.

I've heard about the software Akeeba Backup, I will get on it immediately.

Regarding what you mention about Post size I'll check it. I guess it will be changed through the administration console.

As for the update I didn't want to break anything and that's why I didn't update. I guess the plugins must be updated first.

As for security, I made a change in mysql and set this value $cfg['Servers'][$i]['auth_type'] = ‘cookies’; but I received this error "Invalid authentication method set in configuration: ‘cookies’". Although it seems that I got nobody to access phpMyAdmin and not delete the databases

tonytranupc
Joomla! Apprentice
Posts: 30
Joined: Mon Sep 12, 2016 4:14 am

Post by tonytranupc » Tue Feb 11, 2020 3:37 pm

You should back up the database more often to keep everything safe, even for a just-started project. It's a habit I always keep!

Tony Tran
A tech enthusiast and editor
My latest computers and smartphone step-by-step guides
https://bytebitebit.com/author/tonytran/

leolam
Joomla! Master
Posts: 20042
Joined: Mon Aug 29, 2005 10:17 am
Location: Netherlands/ UK/ S'pore/Jakarta/ North America

Post by leolam » Sun Feb 16, 2020 5:50 am

Some observations on the server environment.

Andy mentioned correcting the upload/post limits... change accordingly.

Change Apache2handler to CGI-FCGI. Faster and better and no ownership issues (files and folders are owned by 'user' and not Apache).

Install mod_security. This is essential to protect your server.

Leo 8)
Joomla's #1 Professional Services Provider:
-> Joomla Professional Support: https://gws-desk.com -
-> Joomla Specialized Hosting Solutions: https://gws-host.com -
-> Joomla Webmaster Services: gws-webmaster.services

Gianluca-Oddle
Joomla! Apprentice
Posts: 30
Joined: Sat Feb 15, 2020 10:44 pm

Post by Gianluca-Oddle » Sun Feb 16, 2020 5:18 pm

I'm not too sure on how to resolve this as it's a bit beyond my scope; however, as you are new, I would definitely advise getting into a habit of doing regular backups - even if this doesn't technically give you a full backup as far as content goes. It's still a good habit to train yourself to have, and can save you from many headaches further down the line.

 
