Support Forum

Turkish Hackers how to resore site

Yesterday afternoon my entire hosting account with HostGator was hacked; new index.html and index.php files with the Turkish flag and music playing were placed into over 20 websites. It was a big shock. I was able to restore everything quickly by simply replacing the index.php with the original Joomla index.php.

HostGator claims they broke in through the admin in an older install of WordPress I have and then obtained access to my entire hosting account. I am going to be moving that WordPress site into its own little account somewhere because I cannot upgrade the install without breaking the whole site with the shopping cart plugin (this was before I found Joomla!), and this kind of vulnerability is not fun!

A question: can hackers get into my whole hosting account through Joomla too? I have taken the small steps of changing the default admin login, database prefix, SEF URL, and Akeeba backups stored on my hard drive and on DVD, but this could turn into a nightmare if it gets repeated on a heavier scale. Any thoughts? Thanks, Carin
  • handsun
Ouch, sorry to hear that Carin.

I would caution though that any changes may be very hard to detect, and you should not assume that Joomla is not still compromised. You can't ever really trust a known hacked site again. Any half-competent hacker will also have backdoored your sites.

To answer your question: if it is not properly secured, yes. This is why it is essential to keep everything up to date.

I think you should consider restoring all your sites to known good, pre-hack versions from backup. You can use the Akeeba sitediff tool to compare hacked/good versions to be sure: www.akeebabackup.com/software/akeeba-sitediff.html
  • Seth
Yep I would second that.

Often hackers place root kits that enable access to the site in oddly named files - slightly misspelt, or files that are discreetly hidden in a sub sub folder. If you download the backups and do a scan for the text "base64" you will get some false positives - some J files use that - but it may reveal the files in question. Although it can be hard to locate some as they are expertly hidden.

If you need pro help I'd recommend Brian Teeman - brian.teeman.net or Phil Taylor www.phil-taylor.com/ - they have helped me in the past.

Best of luck.

Anthony
  • Anthony Olsen
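The "base64" scan suggested in the post above, as an added example that is not part of the original thread: it walks an extracted backup and grades each hit so that the expected false positives sort below files where decoded data is executed. The patterns, grade names and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Heuristics only (assumed patterns, not a complete signature set).
EXEC_WRAP = re.compile(rb"(eval|assert|create_function)\s*\(.{0,80}?base64_decode", re.I | re.S)
DECODE = re.compile(rb"base64_decode\s*\(", re.I)
LONG_BLOB = re.compile(rb"[A-Za-z0-9+/=]{200,}")
SCRIPT_EXT = (".php", ".phtml", ".inc")

def classify(data):
    """Grade one file's bytes: 'high', 'medium', 'low' or None."""
    if EXEC_WRAP.search(data):
        return "high"    # decoded data goes straight into code execution
    if DECODE.search(data) and LONG_BLOB.search(data):
        return "medium"  # decoder sitting next to a large encoded literal
    if b"base64" in data.lower():
        return "low"     # plain mention, the usual false positive
    return None

def scan_tree(root):
    """Walk an extracted backup; return {relative_path: grade}."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(SCRIPT_EXT):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    grade = classify(fh.read())
                if grade:
                    rel = os.path.relpath(path, root).replace(os.sep, "/")
                    findings[rel] = grade
    return findings

def demo():
    """Scan a small constructed tree (sample files, not real site data)."""
    samples = {
        "index.php": b"<?php echo 'home'; ?>",
        "libraries/mailer.php": b"<?php $b = base64_encode($raw); ?>",
        "images/thumbs/indexx.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
        "cache/blob.php": b"<?php $x = base64_decode('" + b"QUFB" * 60 + b"'); ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    for rel, grade in sorted(demo().items()):
        print(grade, rel)
```

Point `scan_tree()` at the folder where the backup was unpacked; a clean scan does not prove the site is clean, so it complements rather than replaces a comparison against a known-good copy.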
Thank you guys, I guess "resore site" is an apt typo, ouch is right. I will be using the Akeeba tool right away, and thanks Anthony for the referrals, take care, Carin
  • handsun
Great recommendations from Anthony.

One other thing, you might want to look at another host once your sites are cleaned. Seems like HG are trying to put all the blame on you, when in fact they are also responsible for the security of a shared server. For all you know, someone else's account was compromised and that is how they got access to yours.

Good luck Carin, let us know how you get on.
  • Seth