Please read through the various postings http://forum.joomla.org/index.php/board ... tml.
A number of extensions are insecure. Please update any extensions you have on your site, either install a clean installation of Joomla with updated extensions and then restore your data from your database, or go through each and every folder and file in your current installation to make sure there are no hidden files buried in your current installation before making it live again.
Best practices for security are to subscribe to the Announcement forum regarding updates to Joomla!, but more importantly also keep an eye by subscribing (if available) to any annoucements from the extensions that you use. Keep track of your versions to make sure you are running the most current and secure version of any of your extensions.BACK UP
your files and your database on a regular basis so that recovering from sudden problems isn't a heartache and a headache. If you have good clean backups the restore and update process can be quite a lot less painful.
Make sure your hosting company is following best practices for security on their servers and more can be read about that in various posts throughout the security forum.
Permissions on your files should be 644 or for folders 755. If you need to change or add anything, you can make both writable for the short period you are updating/changing - then set permissions back to unwritable.
There is no surefire way to be protected from all security issues, due to the fact that as a security issue is solved, the people that wish to crack/hack find ways around the fixes to do what they want to do. Using good basic security practices will help protect you.
- Back up regularly and keep a local copy of your site on your local machine
- Make sure your permissions are the most secure you can make them
- Update any and all programs or extensions you may use to create your site, keep informed of security issues and update immediately[*:[spam] log files for any suspicious activity or useage at your site