My Joomla! Site Got Hacked! What Do I Do?
Even if your site isn't hacked, I would encourage you to read through this whole post and consider what myJoomla.com can do to help keep your Joomla site hack free.
myJoomla.com is a set of security and management tools for Joomla that allows you, the site administrator, to see all the possible issues with your site, and to take action to secure, manage, update and monitor it all from within your myJoomla.com dashboard. myJoomla.com is the only audit tool of its kind, and is a two-time J.O.S.C.A.R. award winner.
First and foremost, myJoomla.com gives you live data from your site right through the myJoomla dashboard. You'll instantly see your site (or sites, if you use this on more than one site, and you should), what version it's running, and any issues and problems that might need fixing immediately. From the dashboard, you can also run backups, update your sites, initiate site audits and keep a close watch by monitoring all the sites.
If you do find a legitimate hack, myJoomla gives you the tools you need to identify and fix the hack quickly, and secure your site before any further damage happens. All you have to do is use the advice that myJoomla suggests for each issue, and you'll be well on your way to cleaning up the bad stuff!
If you use Joomla! for your corporate website, using myJoomla behind the scenes will take almost all of the guesswork out of running a clean website -- it's like having a secret security specialist working for you, while you get to look like a rockstar to your bosses! You'll also learn the best practices for Joomla! site maintenance and security from the leading Joomla! security specialist, Phil Taylor (@blueflameit), CEO at myJoomla.com.
How does myJoomla.com know if my Joomla! site is hacked?
There be dragons here. LOL. Seriously though, myJoomla.com audits your site from within. It's not just another scanner; in fact, it's the farthest thing from that. You see, a scanner can only look for ports and other intrusion points from the outside, whereas myJoomla actually looks at your Joomla files from the inside. This is a huge difference, with a number of advantages:
- You get to see what's going on with the files themselves
- Suspected malicious code within files
- Differences in files between one audit and the next
- A list of possible insecurities
- A list of things you can do to further secure your site
All of this is based on the deep knowledge of both Joomla and security held by the author of myJoomla.com.
I Don't Know How To Clean My Hacked Site. What Do I Do With My Audit?
There's no better place to go than the one who actually knows Joomla security, and Phil Taylor himself is available on contract to clean up your hacked Joomla! site if you can't do it yourself, or if you are up against a deadline and don't have time to devote to sanitizing your site. Mr. Taylor's service is the best in the industry, and if you want to be sure that your site is cleaned better than any other, contact Phil through myJoomla.com to take care of it.
Will My Site Stay Hack Free?
Keep in mind that even though a hacked site can get sanitized and cleared of the hacks, there's nothing stopping another hacker from attempting to find a way in. Just because your site is hack free now doesn't mean that it will stay that way. That is the true reason to create an audit schedule. Whether it's twice a month or monthly, you will want to stay on top of your site, the files and the server itself to ensure your site is as hard to hack as possible. It's for this reason that you wouldn't just want the one free audit that Phil offers. While that's a good way to check your site initially, you'll definitely want to subscribe to the service so you can keep an eye on your site.
The Single Biggest Reason That Joomla Sites Get Hacked
Go take a look on the forums. Find all the posts people put up about their Joomla! sites getting hacked. You'll find that 95% of the time, Joomla! (the current version, which you should be running) has nothing to do with the intrusion, but the real culprit is one or more of the following:
- Running an old version of Joomla! Yes, there are Joomla! 1.0 & 1.5 sites still in production! I know it's hard to believe, but a lot of people that post issues about being hacked are running old versions, and either never updated or paid someone to do it for them. These are the same people that probably are still on Windows XP SP1 and turned off the updates. Even if you're running on a Joomla! 2.5 site, for God's sakes, please upgrade. If you don't, and you get hacked, don't post on the forums and expect that you'll get any type of help.
- Using Crap Third Party Extensions is the second biggest reason Joomla! gets hacked. Not every extension on the JED is good. There are plenty of extensions that have security vulnerabilities, and when you install one, you're essentially opening up your site to hackers by way of that extension. There isn't a good way to tell if the extension you're installing has a flaw unless you go through it line by line and, of course, you're a good Joomla! developer. For this reason, it's best practice to stay away from installing extensions unless you absolutely have to, and then to do your research to ensure you're downloading the extension from a generally trusted source that has a well established history of creating high quality Joomla! extensions.
- Using a Cheap Shared Hosting Provider or not properly securing your web server (VPS or Dedicated Servers) -- The intrusion point may not have been Joomla! or the extensions at all. In many cases, the hosting itself is at fault. There could be a zillion ways that a hacker could get into the server, so do your diligence and either get a quality shared hosting provider or make sure someone who knows what they're doing is locking down your VPS or Dedicated Server. Expect to pay between $15-$60 USD/mo. for good hosting (and that goes for any site). Trying to save money by skimping on hosting, paying just $3/mo on Gopoopy and expecting not to get hacked from the hosting end of things, isn't the right way to think about it anyway. How much downtime (or lost sales) can you afford to have if your site is hacked, and is it really worth saving a couple bucks on hosting?
Start Here If Your Site Is Hacked
First, go to myJoomla.com and register for an account. The signup form is straightforward, but one of the cool things is that you can add your Twitter handle for support and notifications, as well as follow @securejoomla.
Now it's time to add your first site. If it's the only site you have, why not create a few more sites? LOL
Friendly Name: Enter the name of your site
Site Address: The URL of the site
Now it's time to get serious. :D The way it works is that you have to connect your hacked Joomla site to myJoomla.com by way of a connector. The connector is simply installed in the same manner as any other extension, through the Extension Installer in your Joomla! Control Panel.
Please Note: In the best case scenario, you would want to sign up for the myJoomla.com service before your site gets hacked so you can run an audit on clean files. myJoomla will store the findings of the audit, and if you suspect your site does get hacked, you have the previous version to check against.
myJoomla.com will create a customized connector that will ONLY work with your site. Even if you installed it on another site, it would not work. So you just click the download now button and download the install file.
Now you need to login to your Joomla Control Panel (www.YOURSITE.com/administrator in most cases). You can do this in another browser window, or just by clicking on the Click to go to your site admin button.
Go to the Extension manager and install the connector as you would with any other Joomla extension.
You should now get a green confirmation message that the connector has been installed. As it says in the red box, no more action is needed on your website at this time; return to the myJoomla installation window for the rest.
Returning to the myJoomla.com install screen, I can now see that Joomla 2.5+ and Joomla 3.2+ are both green. Since my site is a Joomla 3.3.3 site (I purposely did not upgrade so I could do this tutorial), I select the Joomla 3.2+ button.
A new window opens and I see everything is good!
Now we are ready to check the connection. I simply click the Check connection status button and...
the button reads:
Once the check is complete, you are ready to...
Start A New Audit
You are ready to queue your first audit. Just click the green Start Audit button to begin, then go and grab a cup of coffee.
The audit now begins and you can watch the progression like it's the most interesting thing in the world.
During this time, myJoomla.com connects and deeply audits your site. This can take a long time, so don't worry if nothing is happening for quite a while. You can browse funny cat pictures or something while you wait. If you keep the audit tab open, you can track how it's coming along by viewing the percentage complete.
Audit Complete! Let's Have A Look!
Once your audit finishes, go to your main dashboard and have a look. We see that the Joomla version is out of date so we know instantly that we'll have to upgrade the site (or move to a development site to test the upgrade before performing on a live site, of course).
For now, I'll just click the Manage Site button and do some more research.
Going to the individual site's dashboard, once again I get a message letting me know that my Joomla version is a bit behind. I also get a little basic information about the site as well.
When the audit completes, you'll see a list of issues if there are any. Most of the time, there will be things that you didn't even know, so do look the results over very carefully.
While I won't go through every error here, I'll go through one to demonstrate the power of this audit tool. Notice the second entry says "Changes to the core joomla files should be avoided"? Yeah, so I don't remember making any changes there as it's bad, bad practice, so let's have a look. I click on the blue wrench icon and get the following screen:
I click view changes to see what's been modified, and find this:
At this point, I can choose to keep or roll back the file to how it was before. In this case, it was a false positive, so I'll keep the file.
Sometimes, myJoomla will just give you suggestions. When you click the Learn More button, you'll get a page about the topic, what the audit checks for and what the recommendations are. Extremely useful, and a great learning tool! Definitely something to read in order to learn more!
That pretty much sums up my review of the myJoomla.com service. I think that it's a must for any production Joomla! site, and well worth the investment considering a hacked site almost always costs time and money, and in most cases, not just a little either!
Note: This is not a paid recommendation, nor do I receive a commission for the referral. I think Phil Taylor's myJoomla.com is a ducking good service and well worth the time to recommend!