It happened again today, I was contacted by a Joomla user who's site had been hacked...

Being hacked is no slur on Joomla. It remains one of the most secure and stable CMS's available. But, in order for it to be secure it needs to be installed and configured properly and certain precautions need to be taken. Namely, keeping your site and 3rd party components up to date.

In this case the hacker gained access to the server and overwrote only one file. It was enough to display a bright red screen toting a Turkish flag and preventing any access to the site or backend.

However, it could have been a lot worse. The hacker could have completely wiped the servers or corrupted the database. He (or she) could have installed malicious scripts or a multitude of other things. What he did is highlight a security flaw, a chink in the armour which was quickly repaired and measures are now in place to stop this from happening again.

And, it seems this hacker has been busy as a Google search of their tag showed many sites currently affected by this persons handy work.

It goes to show that it doesn't matter who you are or what type of site you have, anyone's site can get attacked.

The motto of this story - BACK UP, BACK UP, BACK UP

More information about Joomla security can be found at the following links.
Joomla Security Forum
Joomla Administrators Security Checklist

john-pitchers-avatar smAbout John Pitchers

John Pitchers is co-founder and lead developer at Joomstore where his primary role is the design and development of Joomla websites. He is also the developer of the FocalPoint maps extension for Joomla. John has been building CMS based web sites since 2004, originally working with Mambo before it forked into Joomla. When not writing PHP, Javascript or CSS you'll find John carving up the hills around Baldivis on his longboard (long before Walter Mitty made it famous).

Find out more about John on his About.me page and . Follow John on Twitter.

Leave a comment