Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 4 of 4
  1. #1
    WDF Staff m3n0tu18's Avatar
    Join Date
    Jul 2011
    Location
    Devon, UK
    Posts
    1,473
    Member #
    28473
    Liked
    265 times
    Hi All,

    Okay as some of you know my complete (YES COMPLETE!!) domain and all the subdomains and other domains within my host got hacked. I have contacted the Hosters and they have (apparently) removed the malware.

    My question is. As I run off of Joomla backbone for the majority of my sites, is there anything I can do to prevent this kind of thing from happening again? I dont know anything about .htaccess at the moment but will be learning.

    Obviously Sentence passwords is a must. But now this has happened to me and my clients its imperative I put a more structured security in place.

    Would going to a sub directory in the domain help? EG www.frixel.co.uk redirects to www.frixel.co.uk/site

    Any advice would be most appreciated.

    Thanks.

    Marc
    If you like my comments to your thread please click the LIKE button

    Check out my portfolio: Here!
    View my company Facebook Page
    View my company Website

    <<Plrease ignoer my typo's I have isdexlyia>>

  2.  

  3. #2
    WDF Staff AlphaMare's Avatar
    Join Date
    Oct 2009
    Location
    Montreal, Canada
    Posts
    4,570
    Member #
    20277
    Liked
    878 times

    Joomla works off a database in much the same way WordPress does. I'll give you a few tips that I use for WP that could easily be implemented in Joomla. Unfortunately most of them have to be implemented during or immediately after the install.
    • change the prefix for the database during the install. For example, the default prefix in WordPress is wp_ but I never use that. Sometimes I'll use a descriptive word specific to the site, sometimes the client's initials, the name of their dog, whatever. That makes it harder for a hacker to get at the database.
    • Change the name of the file that presents the login page. In WordPress it's "wp-admin.php" . Again, I change it to something different, and different from the database prefix - maybe the client's street, maybe the name of the city he's in, maybe something the client suggests as easy to remember and obscure. A hacker trying to pull up the admin dashboard is unlikely to figure out they have to type in "hudson-qc.php" to get to the login page.
    • make sure all the permissions that may have been left open during the setup are closed again
    • Keep your database username and password Safe by adding the following to the .htaccess file at the top level of your install: <FilesMatch ^config-file-name.php$>deny from all</FilesMatch> (of course you'll change the filename to whatever your config file is actually called)
    • use ssh/shell access rather than FTP when uploading files
    m3n0tu18 likes this.
    Good design should never say "Look at me!"
    It should say "Look at this." ~ David Craib


    http://digitalinsite.ca ~ my current site . . info@digitalinsite.ca ~ my email

    If you feel that someone's post helped you fix your problem, answered your question, or just made you feel better, feel free to "Like" their post. The "Like" link is at the bottom right of each post, along side the "reply" link. And if you are being helped here, try to help someone else - pass it on!

  4. #3
    Senior Member Ronald Roe's Avatar
    Join Date
    Mar 2011
    Location
    Oklahoma City
    Posts
    3,141
    Member #
    27197
    Liked
    959 times
    Are you on WebHostingHub, by chance? We got hacked too. Thankfully, they only dropped their own index files in there, and I just had to re-upload mine.
    Ron Roe
    Web Developer
    "If every app were designed using the same design template, oh wait...Bootstrap."

  5. #4
    WDF Staff m3n0tu18's Avatar
    Join Date
    Jul 2011
    Location
    Devon, UK
    Posts
    1,473
    Member #
    28473
    Liked
    265 times
    Quote Originally Posted by AlphaMare, post: 220335
    Joomla works off a database in much the same way WordPress does. I'll give you a few tips that I use for WP that could easily be implemented in Joomla. Unfortunately most of them have to be implemented during or immediately after the install
    Cheers AM I shall implement these on the next install I do.

    Quote Originally Posted by Ronald Roe, post: 220343
    Are you on WebHostingHub, by chance? We got hacked too. Thankfully, they only dropped their own index files in there, and I just had to re-upload mine.
    No man, Justhost.com - They have been really reliable until I had this issue, and 4 days and about 12 people later I finally got something sorted. It was one person I got through to yesterday who told me about th .htaccess files. So I have secured the file and the sub .htaccess in my Joomla Installations... I then installed a security pack on the Joomla 1.5 that I created. Everything seems back to normal again...Thankfully....
    If you like my comments to your thread please click the LIKE button

    Check out my portfolio: Here!
    View my company Facebook Page
    View my company Website

    <<Plrease ignoer my typo's I have isdexlyia>>


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 10:23 PM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com