Joomla Sites are being HACKED!

Hey everyone. Just a FYI if you are running a Joomla site!

A site of mine was hacked 2 times in the last 4 weeks by "Goy Hackers". If you are running anything less than Joomla 1.5.6, you should upgrade to 1.5.6. There is a security flaw in the admin interface that can be hacked. That is the only fix for now. We migrated everything over to WordPress, 5 days downtime! Not cool...

Just a little friendly FYI...

  • Andy Money
    This was brought up earlier but thanks for posting. I had the pleasure of being hacked too.
  • Allegro
    Is it safe to activate legacy mode?
  • Jesus Perez
    This is a 1.5 issue, correct? Please confirm if 1.0 users are safe.
  • jensrsa

    Joomla 1.5.0 - 1.5.5 has a loophole that's fixed with 1.5.6.

    Joomla 1.5.7 is now available but is written for PHP 5, so there are some issues if you are on PHP 4. See the workaround at Joomla! 1.5.7 upgrade. 1.5.8 is expected to overcome this.

    No problems reported on Joomla 1.0.x, but upgrade to the latest version, 1.0.15.

    The big thing with any CMS is to regularly upgrade to the latest version.

  • Lloyd Lopes
    I use 1.015 and recommend it for precisely these reasons. I'm often told I'm not moving with the times and that it will be difficult to upgrade later.

    I have a hard time explaining to clients why I'm not offering 1.5 and why I don't recommend it - and I get a lot of resistance with clients that think they are being short changed with old software. I often get the argument that "1.5 is "stable" and that "I'm making a bad decision" by not going with it.

    Sure, 1.5 is nicer, but better the devil you know.
  • jensrsa
    Lloyd, you're not wrong, although the problem is that the developers are leaving you behind now.

    - PHP 4 reached the end in August and will not be maintained or upgraded anymore.
    - Joomla 1.0 seems to have reached its end with 1.0.15
    - Take a look at the Joomla extensions directory and you'll see that most new extensions are developed for 1.5, and even the developers that kicked against it are bringing out their 1.5 version. Soon the developments and upgrades for 1.0 will cease.

    Yes, 1.5 is not quite as "stable" as they had made out initially however I find that, on the whole, it is a much easier program to work with and once set up I haven't had any problems. Its advantages are just too great to ignore.

    • Lloyd Lopes
      Originally Posted by jensrsa

      Yes, 1.5 is not quite as "stable" as they had made out initially however I find that, on the whole, it is a much easier program to work with and once set up I haven't had any problems. Its advantages are just too great to ignore.

      Agreed. I won't use it forever....but imagine my popularity if I set up a bunch of sites that were hacked...
  • jensrsa
    Well, the recent hack was a wake-up call and fortunately a fairly non-malicious hack and easy to fix.

    I think we need to be aware that any web site can be hacked and we need to do whatever is necessary to up our security.

    See Have you sharpened your web site security yet?

  • lyj1968
    I am glad that I am still running Joomla 1.0 version for my site.
    • jensrsa
      Originally Posted by lyj1968

      I am glad that I am still running Joomla 1.0 version for my site.

      I'm running all my new sites on 1.5 (latest version) however I

      - don't use the default "admin" as a user name - I immediately change it on installation
      - use passwords containing uppercase, lowercase, numbers and symbols, including my FTP usernames and passwords,
      - upgrade to the latest version immediately (although 1.5.7 created some problems)

      I use 1.5 mainly because it
      - is easier to set up
      - more SEO friendly
      - W3 compliant
      - I don't want to upgrade from 1.0 to 1.5 in the future, which is a schlep

  • jensrsa
    BTW take a look at the official Joomla support forum, it is virtually all 1.5 with 1.0 drastically downscaled. The future is with 1.5 with no or little support for 1.0

    1.0 is OK for current sites but any new sites you should look at 1.5

