'security test' a site ?

Thread: 'security test' a site ?

  1. Zippeyrude's Avatar

    Zippeyrude said:

    Default 'security test' a site ?

    Im not asking someone to hack a 3rd partys site

    The front page to a site i am an admin on was hacked recently.

    The hackers hijacked / renamed the front page index.php file.

    Now, in not a tecchie and the tech guy said we needed 644 permissions on the file (from joomla).

    Interestingly the hacked file had 644 permissions so we're not quite sure how the site was exploited that permitted the file rename.

    Would anyone mind helping me understand where the hole in joomla or the install is so that we can tighten the security up ?
     
  2. Bodman's Avatar

    Bodman said:

    Default Re: 'security test' a site ?

    Is your server fully patched up and are you using the latest version of Joomla
     
  3. Zippeyrude's Avatar

    Zippeyrude said:

    Default Re: 'security test' a site ?

    joomla has been updated yes, not sure about the server. its externally hosted by a reputable comp so i presume any server updates are good.
     
  4. Bodman's Avatar

    Bodman said:

    Default Re: 'security test' a site ?

    unfortunately there could be a million different ways into the site. Once you renamed your index.php did you check all the other files and also their security.

    Has anything else been changed, are the chmod permissions all correct. I would also change all of your site passwords. Yeah I know the password file is MD5 encrypted but thatís not 100%, check the logs as well so you can see what else has gone on.


    Do you have a backup of the site. A copy that definitely hasn't been messed with. If so it might be a good idea to up that one instead.


    //Bod