General Talk/Questions/Comments

[jimbondox]

Don't know what I could of done, it was pretty new. I used Emma Smooth template. when I go to it, it says: "Hacked By Metropolis "

I did a quick look in the back-end and everything seems to be there, modules, articles, menus, etc...

I haven't been to the site in a week or so, was still working on it, and had no back up of it, because it wasn't done.

Where should I look for the way to fix this?

when I go to "view page source" in fire fox, none of the HTML comes up, but in the back end of the template all of it is there???

where can I look to see what happened?

[jimbondox]

here is what I found:

in my index php: his signature

but what is the google sitemap zip folder??? I didn't think it was there before

[jimbondox]

OK,

I copied my index php file from another joomla installation then replaced it with the messed up one... and the site is back on line.... but i am wondering how he did it now and if my other sites are vulnerable?

it wasn't through the server as he could of took 4 sites off line and deleted everything,

it wasn't through the ftp as it would of been the same as above

so i am assuming it was through the website itself

 

[mikek]

Hello,

I am sorry to hear your site was hacked. However, hacking is almost always caused by security issues on your server. ie: shared servers, software not up to date, mis-configured firewalls, etc. You can have your host to address any of these issues. There are also anti-hacking components you can install such as this one:

http://extensions.joomla.org/extensions/access-a-security/site-security/site-protection/8384

[jimbondox]

Thanks, I did get it back on line. I forget what file they messed with, but as much as an idiot the guy was that did it, he at least did not jack the whole site. It is definitely a wake up call for sure

[scept1c]

I faced the same issue, the problem was in my host's poor security. Thanks for the anti-hack components.

[jleckenby]

The following is also worth a read:

http://docs.joomla.org/Category:Security_Checklist

When I install Joomla, I go overboard myself. Joomla! is opensource software and as such very exploitable given that anyone can download its code. I always lock the permissions down on folders and files as far as they will go, and disable directory browsing. It's also an idea if you are really worried to use htaccess password protection (http://www.javascriptkit.com/howto/htaccess3.shtml) on the backend, and even limit access by IP.

Little things make a big different in security!

[jimbondox]

Thanks

[biff]

There are a few things that you can do to protect yourself against hackers. Of course it always helps if you are on a secure server. It is always good too back up your site every time it is updated. This can protect you in the event of a hacker attack, as well as against other unexpected surprises such as sever failure. There is also allot of software out there which can help you keep your site as secure as possible.

Biff
www.neverfailgroup.com