NYCPHP Meetup

NYPHP.org

[joomla] having major issues with hacking and restoring

David Roth davidalanroth at gmail.com
Fri Oct 19 17:33:58 EDT 2012 

If the fear is that the hacking will come in through Joomla's Admin, my
advice is to protect /administrator with .htaccess. This puts another login
layer before even getting to the back-end prompt.

Long complex passwords are better. When it comes to selecting a password
for the MySQL database user, make it very long and cryptic. After all, you
won't have to be repeatedly typing that password after installation, so you
won't be troubled with a complex password to remember. Change passwords
frequently. If you use Google Calendar, put a reminder in there to change
passwords periodically.

If someone is hacking in through a method that has nothing to do with your
Joomla installation, but the web hosting service itself, then bolt to a
better service. Web hosting is very cheap now and there is competition so
look to upgrade if you can. Even though I'm not a fan of most shared
hosting services, there should at the very least be a "jail" shell for
shared users. This means that each user can't see anyone else's files or
processes running.

David Roth


On Fri, Oct 19, 2012 at 4:04 PM, Geoffrey Schaller <gjschaller at psi-13.com>wrote:

> As someone who has yet to be hacked (knock on wood), I'd like to ask the
> group - what is best practice to prevent this sort of thing?
>
>    - I already have Akeeba Backup and Admin Tools installed
>    - I run backups on a daily (DB) and weekly (whole site / server)
>    basis, and store them offsite.
>    - I've used Admin Tools to secure the ID of the default Admin / Super
>    User account.
>    - All of my extensions are up to date, and none are on the Vulnrable
>    Extensions list.
>
> I've seen a few anti-hacking tools on the JED - are they needed?  Is there
> something else I should be installing, or a specific option I should use
> when configuring my Joomla sites?
>
> -Geoffrey
>
> _______________________________________________
> New York PHP SIG: Joomla! Mailing List
> http://lists.nyphp.org/mailman/listinfo/joomla
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/joomla/attachments/20121019/6f4e74ee/attachment.html>

More information about the Joomla mailing list