Recently, a lot of hacks and attacks on Joomla CMS. In this regard, we decided to give some advice to our customers.
Most break-ins occur for several reasons.
1) Outdated version of Joomla.
Check the Joomla version in the admin panel and compare it with the latest version. You can check the latest version on the websites:
http://joomlaportal.ru/ – in the column on the right
and on the English-language site: http://www.joomla.org/download.html
It is worth noting that now there are actually three main branches of Joomla: 1.5, 2.5 and 3.1
Version 1.5 of Joomla is no longer supported and therefore not updated. If you have a version of this branch, then you should seriously think about switching to Joomla 2.5 in the near future.
On this subject there is a good article in Ukrainian: How to update Joomla 1.5 to 2.5
Versions 2.5 and 3.1 support automatic updates and updates directly through the admin panel, the main thing is to monitor this and make updates on time.
2) Outdated version of components.
It is also worth carefully monitoring the versions of Joomla components, as through older versions of components are also a lot of hacks.
In Joomla 2.5 and 3.1 you can check for component updates automatically. However, it should be noted that this works only for those components whose authors have provided such a possibility.
You can also check for new versions from the http://extensions.joomla.org/ catalog. To check – just type the name of your component into the extension directory search.
The component through which most often hacked sites is JCE. It is worth checking first. Also carefully check the file upload settings in this component.
Check the latest version of JCE here: http://extensions.joomla.org/extensions/edition/editors/88
3) Search for passwords to the Joomla admin.
This is the most frequent attack in recent times. And even if you have a strong password and the site is not cracked, the large number of requests to the page /administrator gives a big load and can greatly slow down the site.
Conclusion: you need to close or hide the page /administrator
How do you do that?
- With .htaccess. If you have a static IP address, you can close the login to the admin area for everyone except your IP by writing the following lines in the .htaccess file
Deny from all
Allow from 184.108.40.206 ;
Where 220.127.116.11 is your IP address. You can see your IP here: http://internet.yandex.ru/
This rule blocks access to the admin from all IP addresses except yours.
The .htaccess file itself should be located in /administrator/
This method works best if the attack bots give a load on the site, as when using other methods bots will still be given a page of the site, though not to enter the admin panel.
- Using the Jsecure Lite plugin. The plugin is installed very simply, and in the settings we set the keyword that will be added to the link to the admin /administrator. All who will go to the direct address /administrator – will redirect to the main page of the site, as if the page /administrator not existed.
- With AdminExile – it has more settings than the previous plugin, but the principle of operation is generally the same. After its installation and configuration you will need to get into the admin area at the address like /administrator.key where key – the secret key, which you specify yourself in the settings of the plugin.