Published by Evil Bee
Sunday, 22 July 2007 14:44
Joomla and other content management systems often get a swift kick in their binary crotch when a site gets hacked. Here's a comment from a professional host admin, the guy who is responsible for server security...
"The installed Joomla is trivially crackable"
Here's the problem: Joomla, WHEN properly installed with the most current version is very secure. The key there: "properly installed" which implies more than just making sure the most current security patches/ upgrades have been applied.
What is common in almost all Joomla sites of any size: Multiple components are installed to boost functionality. Editors, image galleries, forums, shopping carts... all these need to be just as secure as Joomla, as one hole is all that's needed.
When we first started getting reports of hacks a year ago, it was mostly overwriting the configuration.php file which resulted in simple defacement. As long as you had a good copy of that file, the fix was in place in a few minutes.
Read more: Is Joomla a Secure Platform for a Business?
Published by Evil Bee
Thursday, 12 July 2007 15:17
After you have finished with the IMMEDIATE part, then you can move on to the investigation and restoration part...
2. SECONDARY ACTIONS
A. Review application inventory
What was on the site? Content management system, image gallery, forum... There should be a sheet of documentation somewhere that tells which version of each is installed along with the location. Sadly, most companies to not have this. Most developers/installers don't provide it unless it's specifically requested.
Read more: What to do when you've been hacked? - part2