today 2 joomla and two standard sites' index.php and index.html got
Hacked by clim
reload-x-defacer

The host said it must have come through one of the joomla sites. Though I'm skeptical about that - it seems that to get access to all four sites they have to go in through the primary in order access the 3 addon domains. I only handle the 2 joomla sites, so it got dropped on me.

It's fixed now, but I want to prevent this from happening again - as much as is feasable.

I've checked around found that there are reliable extensions to help.
Akeeba extensions get strong recommendations. Others tout RSFirewall as the best solution.

I'm ready to commit, but I could use some serious guidance as to the best choice. What are your "best of" for security?

Hi,

Not sure about the two you mention - although there was a review of extensions available - Anthony listed it on his Twitter - trying to vain to rack my shrinking brain for where it was

Are you changing the superadmin number?, database prefix for databases (don't think you want to do it with existing sites), looked at Jsecure (don't forget your password)?

Cheers
Paul

Hey folks,

A recent review by Jeff Chandler looked at all of the security options for Joomla (But for soem reason I cant find it now). My sense was that there are no perfect solutions out there and it made me think that the best case scenario is to have someone look over your site for you.

Ive used Brian Teeman and Phil Taylor before and they are both very reliable and knowledgeable when it comes to locking down a Joomla server.

One thing to be wary of is that once a site is hacked the hacker often leaves a rootkit on the server that can provide access to the site even after the hack is fixed. They often disguise this to look like a common file or image file even. Id recommend bringing someone in to take a look personally. You can never be too careful.

Hoep that helps.

Anthony

Might help if I spelt his name properly: Jeff Channel.

Interesting post here:

www.torkiljohnsen.com/2010/09/18/collection-of-joomla-security-tips/

Anthony

I put in an email to Brian Trajan, but haven't heard back yet. But so far so good, fingers crossed.

Brian Teeman?

IMO, your best protection comes from a well configured host. Poor hosting environment and it won't matter what you do, your site could be offline and your account could be hacked by compromising another account on the same machine. A well configured host will make that impossible.

Above that I personally use (and love) Admin Tools Pro, it offers great protection and importantly allows you to easily change admin id and DB prefix.

The other good defence is to have a *lot* of backups, so you always have something to fall back to in case the worst happens again.

yes, I meant Teeman, typos, typos.
These particular sites are on a very reputable host, not the one I use for my own sites, but they have an excellent track record.

Thanks for the recommendation. I just purchased the Akeeba Back up pro and Admin Tools pro package.

Another great tool from Akeeba is the site diff tool. It allows you to compare two backups and see what has changed; the easiest way to see what the hackers have left behind!

While I've been reading the documentation before installing AdminToolsPro on all the sites I work with, another one was hacked.

But this site is on my host of preference, and boy, what a difference. They caught the exploit, identified the security hole, disabled the problem extension and sent me the log.
The hole was found in JCE Editor 1.5.7.6, which is the most recent. I've got a note in to JCE. I sure hope they fix it soon.


And I'll get and utilize the site diff tool. Thanks for the help.

Sorry to hear you got hacked again, but glad to hear that your host seem to have your back covered! There sure is a lot of difference between good and bad hosts.

Thanks for the tip about JCE

I see there is now a security update for JCE.
Question: What is the best way to update? Just install the new version over the old one?

For this particular update I suggest doing it old school
Uninstall the old and install the new. That way you'll be certain nothing from the old version is lurking.

Yeah that worked just fine.

Yep highly recommend upgrading to the latest.

Anthony

Well, Teeman has yet to reply. So I'm trying to double check everything myself.

I downloaded the site and did a search for base64. It seems that there are indeed some components that utilize base64, including Akeeba Backup and Acymailing.
Google says the site appears clean/safe, as does www.unmaskparasites.com/, but I'm still leery.

Any further suggestions?

Yep thats the difficult thing because base64 is a reasonable way to encode some stuff. Perhaps try Tom Canavan www.salvusalerting.com/ he maybe able to help.

Anthony