[Novalug] joomla hacked...

Keith Casey mailinglists at caseysoftware.com
Sun Jan 31 17:14:20 EST 2010


On Sat, Jan 30, 2010 at 6:23 PM, Anthony Soucek
<monkeywrenchit at gmail.com> wrote:
> I recently had a customer migrate to joomla (and another service
> provider)...and was recently horribly hacked and defaced.  Do you think the
> Sys admin was asleep at the wheel, or is Joomla not secure?  What do you
> think?

I'm not particularly a fan or user of Joomla but I think putting blame
on that is *way* too early at this point.

As others have noted, how were the passwords handled? Was the admin
account properly locked down? Were the FTP credentials reasonable? Was
the release up to date?

Until you determine how they got in, there's also a whole other set of
questions:
*  What else was running on it? Were those things properly patched?
*  Have all the Joomla extensions & components been updated appropriately?
*  Was it shared hosting? Was everyone else's stuff properly patched?
*  Was the version of PHP up to date? What about Apache (or IIS)?
*  Were file system permissions correct (not 777)?
*  After the conversion/upgrade, were all the passwords changed?
*  When was the last time some sort of audit was performed?

Someone determined to get access only has to get lucky once. We have
to combine luck with knowledge and skill to make sure we succeed every
time.

kc

-- 
D. Keith Casey Jr.
CTO, Blue Parabola, LLC
http://BlueParabola.com
http://CaseySoftware.com/blog
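A quick hygiene check that covers three of the questions in the list above (world-writable files under the web root, whether configuration.php is readable by everyone, and the PHP/Apache versions in use). This is an added example, not code from this thread or from the Joomla project; the web-root argument and the assumption that configuration.php sits at the top of that root are assumptions.

```shell
#!/bin/sh
# Added example: post-incident hygiene audit of a Joomla web root.
# Assumes the Joomla install lives directly under the directory passed in.

# List every file or directory under the web root that is world-writable
# (777 or any mode with the "other" write bit). Empty output is the goal.
find_world_writable() {
    find "$1" -perm -o+w -print 2>/dev/null
}

# Number of world-writable entries, handy for a summary line or a monitor.
count_world_writable() {
    find_world_writable "$1" | wc -l | tr -d ' '
}

# configuration.php holds the database credentials, so it must not be
# readable by everyone. Returns 0 if acceptable, 1 if missing or exposed.
check_config_perms() {
    cfg="$1/configuration.php"
    [ -f "$cfg" ] || return 1
    # -perm -o+r matches when the "other" read bit is set
    if [ -n "$(find "$cfg" -perm -o+r -print 2>/dev/null)" ]; then
        return 1
    fi
    return 0
}

# Print the runtime versions so they can be compared with current releases.
report_versions() {
    php -v 2>/dev/null | head -n 1
    { apache2 -v 2>/dev/null || httpd -v 2>/dev/null; } | head -n 1
}

# Run all checks against one web root and print a readable report.
audit_joomla_root() {
    root="$1"
    echo "== world-writable entries under $root ($(count_world_writable "$root")) =="
    find_world_writable "$root"
    echo "== configuration.php =="
    if check_config_perms "$root"; then
        echo "ok: not world-readable"
    else
        echo "WARN: missing or world-readable"
    fi
    echo "== runtime versions =="
    report_versions
}

# Usage (path is an assumed example): audit_joomla_root /var/www/joomla
```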
