|
How can I make my Joomlasite secure if I think it has been compromised?
Change all passwords: Immediately change all your passwords, including shell access, FTP access, Joomla! Administrator accounts, and the database account.
Check the log files: Try and identify how and when you think the attackers gained access to your site by carefully checking your server logs. Make a note of the date, time and names of the attacked files. Note that these logs may have been deleted or altered, so a lack of evidence does not prove a lack of activity.
List recently modified files: Before making any changes to your site, make a list of all your recently modified files. Use this list to identify new files that you don't remember being responsible for creating. Pay particular attention to their creation and modification dates, and correlate them to the dates of attacks shown in your log files. Check your modified files list for any files that were recently changed. Pay particular attention to the modification, and correlate them to the dates of attacks shown in your log files.
Contact your ISP (Internet Service Provider): If you have identified how you were attacked, report the method to your ISP. If you are on a shared server, you may habe been attacked through another vulnerable site on your server. Report this to your host. A reputable host will appreciate your efforts in this area.
Delete the entire public_html directory: This is the best way to guarantee that every potential vulnerability in that site is removed. You are obviously deleting the whole of your site. Have you got a backup of your site that you know has not been hacked into?
Delete related database records: This step may only be possible if you have good backups. Simple hackers, who are only trying to mark your index page, may not attack your database, but professionals are usually very interested in confidential data, such as passwords. They may pose as "script kiddies" to avoid suspicion while repeatedly harvesting confidential information from your database.
Reinstall everything: Use pre-hacked backups if you have them
Reset critical passwords again: Reset your passwards again now that your server is finally cleansed of any possible, hidden trojan horses. Use passwords that contain characters and numbers and not your favourite football club or wife's name
Rebuild site: If you are unable to rebuild from clean backups, rebuild your entire site using original, pre-crack installs. Use only the latest stable versions of all software, and check the List of Vulnerable Extensions
Review security processes: Follow standard security precautions for important settings in php.ini, globals.php, configuration.php, .htaccess, etc.
Stay watchful: Attackers often return repeatedly. Closely monitor your raw logs for suspicious activity.
If you want to get started quickly then Subscribe to my Free Joomla! Tutorials by clicking on the link below:
|
