Close

Results 1 to 4 of 4
  1. #1
    DF Jedi Zippeyrude's Avatar
    Join Date
    Dec 2002
    Location
    UK
    Posts
    4,300
    Thanks
    235
    Thanked:        778
    Karma Level
    490

    Default 'security test' a site ?

    Im not asking someone to hack a 3rd partys site

    The front page to a site i am an admin on was hacked recently.

    The hackers hijacked / renamed the front page index.php file.

    Now, in not a tecchie and the tech guy said we needed 644 permissions on the file (from joomla).

    Interestingly the hacked file had 644 permissions so we're not quite sure how the site was exploited that permitted the file rename.

    Would anyone mind helping me understand where the hole in joomla or the install is so that we can tighten the security up ?

  2. #2
    DF PlaYa Bodman's Avatar
    Join Date
    Feb 2001
    Location
    Bodsworld
    Posts
    911
    Thanks
    14
    Thanked:        30
    Karma Level
    287

    Default Re: 'security test' a site ?

    Is your server fully patched up and are you using the latest version of Joomla

  3. #3
    DF Jedi Zippeyrude's Avatar
    Join Date
    Dec 2002
    Location
    UK
    Posts
    4,300
    Thanks
    235
    Thanked:        778
    Karma Level
    490

    Default Re: 'security test' a site ?

    joomla has been updated yes, not sure about the server. its externally hosted by a reputable comp so i presume any server updates are good.

  4. #4
    DF PlaYa Bodman's Avatar
    Join Date
    Feb 2001
    Location
    Bodsworld
    Posts
    911
    Thanks
    14
    Thanked:        30
    Karma Level
    287

    Default Re: 'security test' a site ?

    unfortunately there could be a million different ways into the site. Once you renamed your index.php did you check all the other files and also their security.

    Has anything else been changed, are the chmod permissions all correct. I would also change all of your site passwords. Yeah I know the password file is MD5 encrypted but that’s not 100%, check the logs as well so you can see what else has gone on.


    Do you have a backup of the site. A copy that definitely hasn't been messed with. If so it might be a good idea to up that one instead.


    //Bod

Similar Threads

  1. Replies: 6
    Last Post: 24th December 2013, 10:23 AM
  2. Security site in China with downloads
    By unclex in forum System Security
    Replies: 0
    Last Post: 20th February 2008, 06:10 PM
  3. a security site
    By ABCMan in forum System Security
    Replies: 3
    Last Post: 9th June 2004, 01:18 AM
  4. Replies: 1
    Last Post: 9th April 2003, 12:24 PM

Social Networking Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •