Joomal Hacked

by turnkeybiz 9 replies
Hey team, quick question, One of my sites have been hacked twice in 24 hours. It was a developed Joomal site. The developer has been great and has reinstalled the site for me, but the big question is:

1. Is Joomal easier then wordpress to hack?
2. Should I go with a Wordpress site or another CMS?
3. Heck just use Xsitepro, I did upgrade to 2.0

I have used mambo in the past and now remember that I stopped because it was hacked a few times.

Not that I want to say that these scripts are bad or get hacked, I know well enough that anything can get hacked if the SOB's want to.

I am sure iI mostly likely didn't upgrade to the latest version of Joomal. and again this is my fault.

But any advice from the team would be great.

Thanks Auggie
#main internet marketing discussion forum #hacked #joomal
Avatar of Unregistered
  • Profile picture of the author Muhammad Jalloh
    Hi Auggie,

    I would still rather stay with Joomla (not "Joomal") than with other CMS platforms.

    But you may also want to check out whether it is because you were using an older version that may have had bugs in it and provided easy entry for hackers.

    Again, did you consider whether it was your hosting account and not your Joomla-based site that was actually hacked?

    Those are just a couple of questions and possibilities that you may want to look into.

    I have Joomla 1.5 (the latest version) installed on two of my sites and they are working just fine.

    I hope you find (the reasons and) a solution to the repetitive hacking.

    ~Muhammad Jalloh
    {{ DiscussionBoard.errors[53063].message }}
    • Profile picture of the author Lloyd Lopes
      Its usually because the developer did something silly like leave the wrong file permissions on the wrong files or something small. Its very seldom that the Joomla system is to blame.

      Often , you won't notice until the damage has been done , so you couldn't really blame anyone. The devil is in the detail ;-)
      {{ DiscussionBoard.errors[53101].message }}
      • Profile picture of the author jensrsa
        Hundreds (thousands?) of Joomla 1.5 sites were hacked a week ago, including one of Joomla's own sites.

        Joomla 1.5.0 to 1.5.5 had a security loophole that was fixed with 1.5.6. This applied especially where the Admin username was still "admin" and the first user record.

        So make sure you at least upgrade to 1.5.6 and change your admin user name and password.

        Regarding the CMS security, my non-programmer logic tells me that any open source or commercially popular script/software/program is open to hackers as the code is freely available to everyone. These programs have a standard way of setting up which, unless you change things like admin log ins, switching off register global, etc. and improve your site security the door is left open.

        Jens
        {{ DiscussionBoard.errors[53288].message }}
        • Profile picture of the author Lloyd Lopes
          Originally Posted by jensrsa View Post

          Hundreds (thousands?) of Joomla 1.5 sites were hacked a week ago, including one of Joomla's own sites.
          Jens
          Ah...ok so he was using 1.5. No sympathy there then....1.015 Rocks!

          Jens - Have you had any problems with 1.5? Maybe a bug or a security hole that was breached?

          I have tried and tested a 1.5 site here on my local server , and things did not pan out well. It was actually fairly chaotic.

          How come people are using it if its getting hacked into and is generally problematic? Is there something I'm missing here? I didn't see a whole bunch of stuff that would make me rush out and switch...but then again...I often miss stuff thats in plain sight...
          {{ DiscussionBoard.errors[53489].message }}
          • Profile picture of the author jensrsa
            Originally Posted by Lloyd Lopes View Post

            Ah...ok so he was using 1.5. No sympathy there then....1.015 Rocks!

            Jens - Have you had any problems with 1.5? Maybe a bug or a security hole that was breached?

            I have tried and tested a 1.5 site here on my local server , and things did not pan out well. It was actually fairly chaotic.

            How come people are using it if its getting hacked into and is generally problematic? Is there something I'm missing here? I didn't see a whole bunch of stuff that would make me rush out and switch...but then again...I often miss stuff thats in plain sight...
            Hi Lloyd, I don't generally have problems with it although I had three sites hacked.

            Because some of the components and modules still play up, even those written for 1.5, I generally use it on smaller sites and haven't converted any of my main sites to it.

            I do find it is vital to test in both FF and IE, I suppose because of most templates not using tables the sites can view differently. Not really a 1.5 issue but rather tableless design.

            Jens
            {{ DiscussionBoard.errors[53691].message }}
        • Profile picture of the author Tiger
          Originally Posted by jensrsa View Post

          Joomla 1.5.0 to 1.5.5 had a security loophole that was fixed with 1.5.6. This applied especially where the Admin username was still "admin" and the first user record.

          I agree with Jens.

          Joomla goes through growing pains like any other CMS. That is why
          it is important to always use the freshest copy of a CMS if you
          possibly can.

          As for why people have gone to the latest version, it is because it
          IS stable. Developers are all moving to the 1.5 version.


          Note:
          Make sure your webmaster deletes the file called "php.info" if he or she has used
          it on your site. Leaving it on your joomla site is a security risk.

          /Steve
          Signature
          We Get What We Settle For
          {{ DiscussionBoard.errors[53499].message }}
      • Profile picture of the author Zach Booker
        From what I know joomal now is pretty secure.
        So I'd stick with it unless you get hacked quite a few more times.
        Stupid hackers :@
        Although I did almost beat everything on hackthissite.org
        {{ DiscussionBoard.errors[53647].message }}
  • Profile picture of the author Simplweb
    [quote=turnkeybiz;52384 Is Joomal easier then wordpress to hack?[/quote]

    Supposedly Wordpress has FAR more security holes in it than Joomla
    {{ DiscussionBoard.errors[54820].message }}
Avatar of Unregistered

Trending Topics