One thing we love about SiteGround is that they offer so much expertise over and above typical web hosting issues. They proactively sponsor many Joomla and WordPress events and offer up their expert staff as speakers at these events to inform you about important matters relating to speed, security (in this case popular Joomla hacks) and much more.
Before Christmas, Daniel Kanchev, SiteGround's performance guru, did an excellent webinar on the most popular Joomla hacks to look out for and the steps you can take to avoid them. Daniel has over seven years of Joomla experience, more than five of them at SiteGround. While there are a few hosts that specialize in WordPress (including SiteGround), SiteGround is one of the only hosts we currently know of that has attracted an enormous following in the Joomla community for its specialist knowledge, and it now hosts over 100,000 Joomla! websites.
The webinar covers in detail the most common hacks, including the following:
1. Outdated Joomla Core
- All Joomla versions before 3.1.5 (3.x branch) and 2.5.14 (2.5 branch) are vulnerable
- Can be executed by anybody, no admin rights needed
- The attacker can gain access to the Joomla install and the rest of the hosting account's files
You can read more about the vulnerability, and how SiteGround plugged it at the server level, on the SiteGround blog: http://blog.siteground.com/joomla-vulnerability/
2. Vulnerable Extensions
- Sometimes when a vulnerability in an extension is found, it takes the extension developer a long time to release a fix, and until then every site running that extension is exposed.
The natural solution while you wait for a fix is a Web Application Firewall such as ModSecurity (mod_security), CloudFlare (you will need the CloudFlare Pro plan at $20 per month) or Incapsula (Business plan at $59 per month), which can block the attack requests before they reach the vulnerable extension. SiteGround has you covered here, and adds more than 200 mod_security rules every week to help guard against many of these vulnerabilities.
You can keep up to date with the Joomla Vulnerable Extensions List via its feed here: http://feeds.joomla.org/JoomlaSecurityVulnerableExtensions
3. Outdated Templates
- Remember that templates are not just a bunch of graphics but fully functioning pieces of software (PHP and JavaScript), with the same classes of bugs as extensions. Ensure you install any updates as soon as possible. Many websites get hacked via SQL injection or XSS vulnerabilities in old templates where the flaws were never fixed.
As with extensions, a Web Application Firewall can also help guard against these vulnerabilities until a fixed template is installed.
4. Weak Passwords
- Any simple, weak password is vulnerable to a brute-force attack. One example given by SiteGround was back in April 2014, when a group of hackers took control of a botnet and tried to brute-force Joomla and WordPress installs worldwide. SiteGround quickly blocked the attack at the server level, but to give you an indication of how powerful it was, in 12 hours they blocked more than 15 million login requests.
The easy way to guard against this is to use longer, more complex passwords that mix upper and lowercase letters, digits and symbols; in the video SiteGround also suggests using a whole sentence as a passphrase. Another thing that helps is to change your username from the default "admin", so the attacker has to guess both halves of the login rather than just the password.
There are some other steps you can take to secure your install from a brute-force attack, such as allowing access to the administrator area from certain IP addresses only, adding a CAPTCHA to the login form, password protecting the administrator folder at the web server level, and requiring a secret URL parameter to reach the login page at all.
5. Outdated Server Software
- Old PHP 5.3 running as CGI: remote code execution exploit
This is something you would expect your web host to keep updated, but you would be surprised how many hosts still run old server software. In the video, SiteGround demonstrates how something as simple as this can be exploited.
6. Incorrectly configured server software
- Apache symlinks bug
As if outdated server software were not bad enough, a simple configuration mistake such as leaving "SymLinksIfOwnerMatch" out of your httpd.conf or .htaccess file (so Apache runs with plain "FollowSymLinks", which is part of the default Options) can cause a vulnerability: on a shared server, one account can create a symbolic link to another account's files, such as its configuration.php with the database password, and read them through the web server. More about this can be found at http://seclists.org/fulldisclosure/2013/Aug/81. Of course, this is delving into something quite technical, so all the more reason to go with a host that takes care of all this for you.
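To make the point concrete, here is an added example in POSIX shell (it is not code from SiteGround's webinar): a check that flags an Apache config or .htaccess file which enables FollowSymLinks, since FollowSymLinks overrides SymLinksIfOwnerMatch whenever both are listed, plus the hardened directive block a host would apply. The directory path and the sample .htaccess files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the webinar): detect the Apache shared-hosting symlink
# weakness in a config or .htaccess file and print the hardened directive block.
# FollowSymLinks lets the web server follow a symlink into another account's files;
# SymLinksIfOwnerMatch only follows links whose target has the same owner as the link.
# If both are listed, FollowSymLinks wins, so any enabled FollowSymLinks is a finding.

# Exit 0 if the file enables FollowSymLinks on an Options line (weak), 1 otherwise.
# "Options -FollowSymLinks" (explicitly disabled) and commented lines are not findings.
symlink_options_weak() {
  grep -Eiq '^[[:space:]]*Options([[:space:]]+[^[:space:]]+)*[[:space:]]+[+]?FollowSymLinks([[:space:]]|$)' "$1"
}

# The hardened directives a host would put in httpd.conf or the vhost: disable
# FollowSymLinks, allow owner-matched links only, and leave "Options" out of
# AllowOverride so a .htaccess in the account cannot switch FollowSymLinks back on.
# The /home/*/public_html path is an assumption for illustration.
symlink_options_hardened() {
  cat <<'EOF'
<Directory "/home/*/public_html">
    Options -FollowSymLinks +SymLinksIfOwnerMatch
    AllowOverride AuthConfig FileInfo Indexes Limit
</Directory>
EOF
}

# Audit every .htaccess below a document root and print the weak ones.
audit_htaccess_tree() {
  find "$1" -name '*htaccess' -type f | while IFS= read -r f; do
    if symlink_options_weak "$f"; then echo "WEAK: $f"; fi
  done
}

# Constructed sample files for a dry run (not real configs); prints the temp dir.
write_samples() {
  dir=$(mktemp -d)
  printf 'Options Indexes FollowSymLinks\nAllowOverride All\n' > "$dir/weak.htaccess"
  printf 'Options -FollowSymLinks +SymLinksIfOwnerMatch\n' > "$dir/safe.htaccess"
  echo "$dir"
}

# Demo run on the constructed samples.
demo_dir=$(write_samples)
audit_htaccess_tree "$demo_dir"
symlink_options_hardened
```

On a real server, point audit_htaccess_tree at the document roots the host serves; any account that can drop a .htaccess with "Options +FollowSymLinks" undoes the server-level setting unless AllowOverride excludes Options, which is why the hardened block restricts it.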
7. Joomla Permissions
- Just setting your file permissions incorrectly (for example world-writable 777 folders or 666 files) can be asking for trouble, because any other process on the server can then modify your site's files.
Your permissions should be:
- Folders: 755
- Files: 644
- configuration.php: 444
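The permission policy above, as an added shell example (not from the webinar) that audits an install against it and applies it. It assumes GNU/POSIX find and chmod; the demo site tree is constructed, not a real Joomla install.

```shell
#!/bin/sh
# Added example (not from the webinar): audit and fix Joomla file permissions to the
# policy folders 755, files 644, configuration.php 444. Assumes GNU/POSIX find and
# chmod; -perm NNN is an exact mode match, so e.g. a setgid 2755 folder is also flagged.

# Print the number of entries under $1 that violate the policy (0 = compliant).
joomla_perm_violations() {
  root="$1"
  dirs=$(find "$root" -type d ! -perm 755 | wc -l | tr -d ' ')
  files=$(find "$root" -type f ! -name configuration.php ! -perm 644 | wc -l | tr -d ' ')
  conf=0
  if [ -f "$root/configuration.php" ]; then
    # configuration.php holds the database credentials; it must be read-only (444).
    find "$root/configuration.php" -perm 444 | grep -q . || conf=1
  fi
  echo $((dirs + files + conf))
}

# Apply the policy. configuration.php is excluded from the generic 644 pass
# and set to 444 separately.
joomla_perm_fix() {
  root="$1"
  find "$root" -type d ! -perm 755 -exec chmod 755 {} +
  find "$root" -type f ! -name configuration.php ! -perm 644 -exec chmod 644 {} +
  [ -f "$root/configuration.php" ] && chmod 444 "$root/configuration.php"
  return 0
}

# Constructed demo tree with the kind of permissions that invite trouble;
# prints its path.
make_demo_site() {
  site=$(mktemp -d)
  mkdir -p "$site/administrator/components" "$site/images"
  printf '<?php\n' > "$site/configuration.php"
  printf '<?php\n' > "$site/index.php"
  : > "$site/images/logo.png"
  chmod 777 "$site/images" "$site/administrator/components"  # world-writable folders
  chmod 666 "$site/index.php" "$site/configuration.php"      # world-writable files
  echo "$site"
}

# Demo: count violations, fix, count again.
demo_site=$(make_demo_site)
echo "violations before: $(joomla_perm_violations "$demo_site")"
joomla_perm_fix "$demo_site"
echo "violations after:  $(joomla_perm_violations "$demo_site")"
```

Run joomla_perm_violations against the real document root first; a non-zero count before any fix tells you whether the install ever had the right permissions, which is also useful evidence when investigating a compromise. Note that 444 on configuration.php means Joomla's own Global Configuration screen can no longer save until you temporarily loosen it.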
8. Infected Local Computer
- This is where viruses and Trojans on your own computer steal your login details.
This is a simple fix: keep the anti-virus software on your own machine up to date.
What if you have already been hacked?
If you have already been hacked, we recommend following the Action List created by Joomla, which you can find here. In summary, it suggests the following steps:
- Take your website offline
- Run the Forum Post Assistant (FPA) security tool
- Scan all the computers you use to manage the site for viruses
- Ensure you have downloaded the latest version of Joomla
- Notify your host and work with them to clean up the website
- Review Vulnerable Extensions list
- Review and action the Joomla Security Checklist
- Change all passwords
- Do not use the default "admin" username
- Delete and Replace all templates and files with clean copies
- Check all image and other media files for exploits (uploaded "images" are a common place to hide PHP code)
- Check server logs for suspicious IPs
- Use proper permissions on all files
- Disable anonymous FTP
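The "check server logs for suspicious IPs" step above, and the brute-force attack described under point 4, as an added shell example (not from the webinar or the Joomla Action List). It counts login POSTs per source IP in an Apache combined-format access log; the log lines are constructed sample data, not real traffic, and the thresholds are illustrative.

```shell
#!/bin/sh
# Added example (not from the webinar): find IP addresses hammering the Joomla login
# in an Apache combined-format access log. Joomla answers both good and bad admin
# logins with a 303 redirect, so the signal is the volume of POSTs to
# /administrator/index.php (and the front-end com_users login task) per source IP,
# not the status code. The log lines below are constructed, not real traffic.

# Constructed sample: one IP posting to the login five times in a few seconds,
# a legitimate admin logging in once, and an ordinary page view.
SAMPLE_LOG='198.51.100.23 - - [10/Apr/2014:02:13:01 +0000] "POST /administrator/index.php HTTP/1.1" 303 - "-" "Mozilla/5.0"
198.51.100.23 - - [10/Apr/2014:02:13:02 +0000] "POST /administrator/index.php HTTP/1.1" 303 - "-" "Mozilla/5.0"
198.51.100.23 - - [10/Apr/2014:02:13:02 +0000] "POST /administrator/index.php HTTP/1.1" 303 - "-" "Mozilla/5.0"
198.51.100.23 - - [10/Apr/2014:02:13:03 +0000] "POST /administrator/index.php HTTP/1.1" 303 - "-" "Mozilla/5.0"
198.51.100.23 - - [10/Apr/2014:02:13:04 +0000] "POST /index.php?option=com_users&task=user.login HTTP/1.1" 303 - "-" "Mozilla/5.0"
203.0.113.5 - - [10/Apr/2014:02:14:10 +0000] "POST /administrator/index.php HTTP/1.1" 303 - "-" "Mozilla/5.0"
203.0.113.5 - - [10/Apr/2014:02:14:11 +0000] "GET /administrator/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.77 - - [10/Apr/2014:02:15:00 +0000] "GET /index.php HTTP/1.1" 200 9420 "-" "Mozilla/5.0"'

# Read a log on stdin; print "count ip" for every IP with more than $1 login POSTs,
# busiest first. Field 6 is the quoted method, field 7 the request path.
login_bursts() {
  awk -v threshold="$1" '
    $6 == "\"POST" && ($7 ~ /^\/administrator\/index\.php/ || $7 ~ /option=com_users&task=user\.login/) {
      posts[$1]++
    }
    END { for (ip in posts) if (posts[ip] > threshold) print posts[ip], ip }
  ' | sort -rn
}

# Wrapper over the constructed sample; prints how many IPs exceed threshold $1.
flagged_ip_count() {
  printf '%s\n' "$SAMPLE_LOG" | login_bursts "$1" | wc -l | tr -d ' '
}

# Demo: anything over 3 login POSTs in this short window is worth a look.
printf '%s\n' "$SAMPLE_LOG" | login_bursts 3
```

On a live server run it as login_bursts 20 < /var/log/apache2/access.log (path and threshold are assumptions; adjust to your host) and feed the IPs to the host's firewall or to an administrator folder allowlist. The caveat: a botnet like the April 2014 one spreads its attempts across thousands of addresses, so per-IP counts understate it, which is exactly why the strong password and non-default username matter more than blocking.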