A few years ago a site I hosted on a shared hosting server was deleted by someone who had gained entry via a hole on an unrelated site on the server. Being fairly new to web development and to Joomla I had no idea of where to start and what to look for. Steve from Alledia recommended Tom as the best in the Joomla security business, and after my initial contact with him via Skype it was only a matter of hours before my site was back up and running - fully loaded, locked down and ready for action.
That was a few years ago now; I've said "bye bye" to the server in question, and now I thoroughly research servers that I use and tend to get a string of recommendations from people I trust before I commit to them. A lot has changed in the Joomla landscape as well - Joomla 1.0 is in the last few weeks before its official end of life, Joomla 1.5 is in its eleventh iteration and Joomla 1.6 is just around the corner - so I figured that now was a good time to catch up with Tom to get some idea of the challenges that face Joomla users in the present climate, as well as some tips on how best to secure your Joomla site.
What are some common mistakes people make that leave their Joomla site vulnerable to attack?
There are a few, yes. I would say the top one in the 1.x.x days was permissions and the basic stuff like Global Registers, safe mode, etc. However, I would say today one of the more common (not only common to Joomla) is the lack of a patching methodology. In other words, keeping up with patches on their extensions, on Joomla, on their OS and server. That is SORELY lacking in many websites, large and small.
What's the worst case of a hacked site you have seen? ... Without naming any names, of course.
By far there have been two - one in Los Angeles and one in Australia - that were bad. Both shared a common theme, that is, I removed the root kits, the other scripts and so forth and they would return. The second one (in Aus) was most interesting. I believe there to have been a CRON (timer) job running that kept restoring the malware. It would show up very regularly - the host told my customer that I should refund his money (for removing the root kit and pointing out the issues). I laughed, thinking, the bad guys PWND your server and you think I need to refund YOUR client who you wouldn't help... hmm. By far these two have been nearly the worst.
However the WORST was one I worked on (again in LA, California, but a different client) - the client on whom I spent around 10 or 11 hours removing tons and tons of malware, and he was on a Windows server (my first time seeing Joomla on Windows) - at the end of it, the customer did not want to pay for my services. By far the worst, technically and financially.
Are some hosts more secure than others? Are there some you recommend, or perhaps others you suggest to avoid?
There are MANY good hosts out there - and even more bad ones. I do not recommend hosts, in case they turn bad. I have a short list of hosts I ALWAYS recommend against due to past performance - but I hold out hope they will change. I can offer some tips, however:
- Do they answer the technical support line in a timely fashion at any hour of the day, and do they speak your language?
- How long have they been in business? If under a year, they haven't been "tested" by the tides of the Internet.
- When you call or chat, ask the sales person about their redundant power, if they conduct backups, if their data center has windows (as in glass) - this usually draws a laugh, but seriously, this is important for cooling, security, etc.
- Ask what their PATCHING methodology is.
- Lastly - Google around a bit - you might find a good report or a bad one.
How can you tell if your site has been hacked? Assuming they haven't defaced it as well.
Ah - yes - defacements are the Internet equivalent of graffiti on a wall. One of the best ways is to learn how to watch your log files - learn to read them, that is. If you watch them regularly you will see a pattern emerge. By watching those logs you can see if a change occurs, that is, an unexpected change. Another item to watch is your bandwidth in or out - if you know you consume a certain amount a month and then it jumps up to 3x that amount, it's a GOOD sign that you have an unwanted guest. At the end of the day, it's about learning to watch your logs. They are your best friend.
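The two signals Tom describes above (an unexpected change in what is being requested, and bandwidth jumping to several times its usual level) can be checked mechanically once a baseline exists. The script below is an added example for this article, not code from the interview or from Joomla Rescue. It parses constructed Apache "combined" log lines, treats the first three days as the baseline, flags any later day whose transferred bytes exceed three times the baseline median, and lists request paths that never appeared during the baseline along with the client addresses that requested them. The log lines, IP addresses, the `/tmp/x.php` path and the three-day baseline are all constructed for the example; the 3x factor comes from the interview and is a parameter.

```python
"""Watch a web server access log for two signs of an unwanted guest:
a bandwidth jump against a baseline, and request paths never seen before.

Added example for this article; the log lines below are constructed in
Apache "combined" format and the baseline window is an assumption."""
import re
from collections import defaultdict
from statistics import median

# Constructed sample: three quiet days, then a day with unusual traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jun/2009:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jun/2009:10:00:02 +0000] "GET /images/logo.png HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jun/2009:13:20:11 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 6144 "-" "Mozilla/5.0"
203.0.113.9 - - [02/Jun/2009:09:10:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [02/Jun/2009:09:10:01 +0000] "GET /images/logo.png HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Jun/2009:11:00:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Jun/2009:11:00:05 +0000] "GET /images/logo.png HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
192.0.2.44 - - [04/Jun/2009:02:13:37 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.44 - - [04/Jun/2009:02:13:40 +0000] "GET /tmp/x.php HTTP/1.1" 200 40960 "-" "-"
192.0.2.44 - - [04/Jun/2009:02:14:02 +0000] "GET /tmp/x.php HTTP/1.1" 200 40960 "-" "-"
"""

# Assumed baseline: the days whose traffic is known to be normal.
BASELINE_DAYS = ("01/Jun/2009", "02/Jun/2009", "03/Jun/2009")

# Client IP, the date part of the timestamp, request line, status and bytes.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:]+):[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    rec["status"] = int(rec["status"])
    # Drop the query string so /index.php?x=1 and /index.php count as one path.
    rec["path"] = rec["path"].split("?", 1)[0]
    return rec


def parse_log(text):
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r]


def bytes_per_day(records):
    totals = defaultdict(int)
    for r in records:
        totals[r["day"]] += r["bytes"]
    return dict(totals)


def bandwidth_alerts(records, baseline_days, factor=3):
    """(day, bytes, threshold) for non-baseline days above factor x the baseline median."""
    totals = bytes_per_day(records)
    baseline = [totals[d] for d in baseline_days if d in totals]
    if not baseline:
        return []
    threshold = factor * median(baseline)
    return [(d, b, threshold) for d, b in sorted(totals.items())
            if d not in baseline_days and b > threshold]


def new_paths(records, baseline_days):
    """Paths requested outside the baseline that never appeared during it,
    mapped to the sorted list of client IPs that asked for them."""
    known = {r["path"] for r in records if r["day"] in baseline_days}
    seen = defaultdict(set)
    for r in records:
        if r["day"] not in baseline_days and r["path"] not in known:
            seen[r["path"]].add(r["ip"])
    return {p: sorted(ips) for p, ips in seen.items()}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for day, total, limit in bandwidth_alerts(recs, BASELINE_DAYS):
        print(f"bandwidth alert: {day} transferred {total} bytes (limit {limit})")
    for path, ips in new_paths(recs, BASELINE_DAYS).items():
        print(f"new path {path} requested by {', '.join(ips)}")
```

In practice the baseline comes from a week or month of logs you have already reviewed by hand, which is exactly the habit Tom recommends: the script only automates the comparison, it does not replace knowing what your site's normal traffic looks like. A path that appears for the first time is a prompt to look at the file on disk and at when it was created, not proof of compromise on its own.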
Where can people go to see if their extension is insecure?
There are several - but one of the BEST is milW0rm.com. This site leads more than most on vulnerabilities.
If you purchase one of Joomla Rescue's health checks using the coupon code JuneSpecial during the month of June 2009, you will receive $150.00 off Health Check 1 and $200.00 off Health Check 2.