It's taken quite awhile but Spirit's Dawn can now be rolled out and welcome visitors. It's not perfect and I've got to add a little here and a little there. The main additions will come from the people who find and add their voice to her.

Anthony, I hope you like it and the concept behind it.

Thanks.

Scott

www.spiritsdawn.com

Scott,

Outstanding work on re-shaping the Elevate2 theme to meet your vision. I know this took you awhile to put this all together and it shows... great job!

Ed

Yep looks great Scott

Hacked?

Yep looks like it. Let us know if you need some help with pointers for fixing it Scott.

Anthony

Yep. I noticed it a few days ago myself. I don't have the foggiest idea of where to begin to fix it. That's the problem.

This is a good place to start, I am sure others will also have recommendations:

brian.teeman.net/tips-and-tricks/help-my-joomla-web-site-has-been-hacked.html

And once you have it fixed, ways to harden your site:

www.dionysopoulos.me/blog/things-to-do-before-your-site-gets-hacked

www.dionysopoulos.me/blog/making-your-joomla-sa-secure

Thank you for the links Seth. I'll be taking a look at them to see if I can undo the damage.

Your best bet is to probably just go back to the oldest possible backup you have, and then harden the site.

Expolits are often very difficult to remove. Better to revert to a pre-exploit backup.

Hi Seth,

Read the articles with interest only problem was didn't understand most of it!
What do you think about this - extensions.joomla.org/extensions/access-a-security/site-security/site-protection/13233

I was a bit naughty and removed some code on it

Cheers
Paul

I have no experience of the extension, so I wouldn't like to say.

Personally, I think .htaccess can provide the best level of protection. That and a secure, well configured hosting environment. If your host isn't set up properly, it doesn't matter what you install, you are still vulnerable.

Paul,

I was planning on creating a new post just for this new Joomla plugin but I'll use yours as an example. The extension you reference is quite good and does offer a level of protection not currently available for free. Again the link is;

extensions.joomla.org/extensions/access-a-security/site-security/site-protection/13233?qh=YToxOntpOjA7czoxMDoic2l0ZWdyb3VuZCI7fQ%3D%3D

It was developed by SiteGround (a web hosting company) that I've done a great deal of business with as a customer and have a great deal of respect for. This is their first Joomla extension and where better for a hosting company to start but with a security application. This extension along with a 'very strong' and 'ever changing' database password will keep SQL Injections at bay. A few months ago I noticed this extension as part of their Joomla hosting package and quickly added it to all of my Joomla web sites regardless of who the host was or is. It's simple, effective and smart on how it performs it's duties. In no way should this be your only defense against hackers. Creating clean backups and daily SQL backups is key in getting a hacked site back online. Hope this info is helpful...

Ed

Right I'll add it to my must install extension list
- I must admit the only stuff I do is jsecure and daily backups. Beginning to think I must do more for my clients

Thanks
Paul

Paul,

Wanted to add an additional FYI regarding web hosting security. If you are on a 'shared' hosting server and another client on the server gets hacked or has security holes (old, out-dated core apps that use MySQL as their database) you could become infected or get hacked as well. Because it is a 'shared' host, what happens on that server can and will effect you directly.

Ed

ah, that's a problem as all the client sites are on shared hosting!
Have to think about that one

Good to know
Cheers
Paul

On a well set-up shared host it shouldn't be an issue. That said, they are in the distinct minority.

Strong (really strong) passwords and disabling user 62 are tried and trusted J! security. Weak passwords are the best entry point....

I guess the other thing is that vps (Virtual Private Servers) are pretty cheap these days and that if you are doing this professionally you can easily offset the cost in your hosting rates.

Ive used hostican in the past and they have been very good.

Cheers Anthony

I site I developed for a client was recently hacked so I have been looking into joomla site security more intensely lately. Am I missing something about utilizing strong passwords and encrypting the administrator backend. Some of the how to joomla hacking tuts I've looked at use password requests and simply rewrite a new password. They could care less about going to your administrator backend and are independent of the strength of your password. I agree with previous posts on this forum that one of the strongest things to secure your site is a good htaccess rules and hosting environment.

Many layers approach. Over-reliance on a single security measure is a sure way to feel the pain. No security is foolproof, it is just a question of when.

That said, multiple layers of security combine to make penetrating a well-secured site more hassle than it is worth. The perps just move on to an easier target...

Your best security is almost certainly a good backup!