Close

Results 1 to 4 of 4
  1. #1
    DF VIP Member Zippeyrude's Avatar
    Join Date
    Dec 2002
    Location
    UK
    Posts
    4,317
    Thanks
    238
    Thanked:        792
    Karma Level
    534

    Default 'security test' a site ?

    Im not asking someone to hack a 3rd partys site

    The front page to a site i am an admin on was hacked recently.

    The hackers hijacked / renamed the front page index.php file.

    Now, in not a tecchie and the tech guy said we needed 644 permissions on the file (from joomla).

    Interestingly the hacked file had 644 permissions so we're not quite sure how the site was exploited that permitted the file rename.

    Would anyone mind helping me understand where the hole in joomla or the install is so that we can tighten the security up ?

  2. #2
    DF VIP Member Bodman's Avatar
    Join Date
    Feb 2001
    Location
    Bodsworld
    Posts
    911
    Thanks
    14
    Thanked:        30
    Karma Level
    351

    Default Re: 'security test' a site ?

    Is your server fully patched up and are you using the latest version of Joomla

  3. #3
    DF VIP Member Zippeyrude's Avatar
    Join Date
    Dec 2002
    Location
    UK
    Posts
    4,317
    Thanks
    238
    Thanked:        792
    Karma Level
    534

    Default Re: 'security test' a site ?

    joomla has been updated yes, not sure about the server. its externally hosted by a reputable comp so i presume any server updates are good.

  4. #4
    DF VIP Member Bodman's Avatar
    Join Date
    Feb 2001
    Location
    Bodsworld
    Posts
    911
    Thanks
    14
    Thanked:        30
    Karma Level
    351

    Default Re: 'security test' a site ?

    unfortunately there could be a million different ways into the site. Once you renamed your index.php did you check all the other files and also their security.

    Has anything else been changed, are the chmod permissions all correct. I would also change all of your site passwords. Yeah I know the password file is MD5 encrypted but that’s not 100%, check the logs as well so you can see what else has gone on.


    Do you have a backup of the site. A copy that definitely hasn't been messed with. If so it might be a good idea to up that one instead.


    //Bod

Similar Threads

  1. xbox site
    By Mark_1983 in forum Site Critique
    Replies: 17
    Last Post: 27th September 2002, 12:34 AM
  2. web site review
    By 0blue2 in forum Site Critique
    Replies: 7
    Last Post: 26th September 2002, 08:26 AM
  3. want to leave my pc on 24/7 whats best security
    By bloye in forum Internet Connections & VPNs
    Replies: 18
    Last Post: 16th September 2002, 12:01 PM
  4. coders lunch box - web site dev
    By wadgey in forum Forum Bug & Error Reports
    Replies: 1
    Last Post: 30th August 2002, 05:10 AM

Social Networking Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •