Joomla
lukoie, 2014-10-03 22:23:35

How to find out exactly how the site was hacked, and how to protect it?

There is a site on Joomla. Recently, someone has been hacking the site. A link to Ryazan prostitutes is added to the footer of the main theme file. And PHP files appear in the root, as I understand it, for sending spam.
Some directories had files for remote access.
Changed passwords - for hosting and ftp. Cleaned out extraneous files and embedded scripts, updated Joomla.
But today the same thing happened again.
Question 1: how can I find out how they hacked it? What kind of hole did they use?
Question 2: Is there an adequate plug-in to protect Joomla from hacking (and / or checking the installation of Joomla for the presence of any backdoors and other evil spirits)? Or an article describing verification and protection algorithms (for example, rights, extension vulnerabilities, etc.).
Thanks in advance.
P.S. They restore the former date on the changed files! Only the new files show a date on which I did nothing with the site. And the theme index file has permissions set to 444, although I definitely didn't change them to that.
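The P.S. above says the changed files get their old date back. On Unix hosting that resets only the modification time; the inode change time (ctime) is set by the kernel and still records when the file was really touched. The script below is an added example, not part of the original thread: it lists everything whose ctime falls after a date you know was clean and marks files whose mtime pretends to be older. It assumes Python and shell access on the host, and the file names in the sample tree are constructed.

```python
import os
import stat
import tempfile
import time

def find_changed_since(root, since):
    """List regular files under root whose inode change time (ctime) is at or
    after `since` (epoch seconds). `backdated` marks files whose mtime claims
    to be older than `since` even though the inode changed after it."""
    rows = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            if not stat.S_ISREG(st.st_mode) or st.st_ctime < since:
                continue
            rows.append({
                "path": path,
                "ctime": st.st_ctime,
                "mtime": st.st_mtime,
                "mode": format(stat.S_IMODE(st.st_mode), "o"),
                "backdated": st.st_mtime < since,
            })
    return sorted(rows, key=lambda r: r["ctime"])

def build_sample(root):
    """Constructed sample tree (hypothetical names): a theme file whose mtime
    was reset to 2013 and set to 444, plus a freshly created file in the root."""
    theme = os.path.join(root, "templates", "mytheme")
    os.makedirs(theme)
    index = os.path.join(theme, "index.php")
    for path in (index, os.path.join(root, "mailer.php")):
        with open(path, "w") as fh:
            fh.write("<?php // constructed sample ?>\n")
    os.utime(index, (1356998400, 1356998400))  # mtime reset to 2013-01-01 UTC
    os.chmod(index, 0o444)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as web_root:
        build_sample(web_root)
        last_known_good = time.time() - 60  # assumption: last time you touched the site
        for r in find_changed_since(web_root, last_known_good):
            flag = "BACKDATED" if r["backdated"] else "new/changed"
            print(time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(r["ctime"])),
                  r["mode"], flag, os.path.relpath(r["path"], web_root))
```

ctime also changes on chmod, rename and archive extraction, so a Joomla update or a restore from backup resets it for every file it touches. The ctime values that remain unexplained give the time window to look up in the web server and FTP logs.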


4 answer(s)
Alex Chistyakov, 2014-10-04
@alexclear

What FTP client do you use? And what operating system do you have on the client machine? How many people have FTP access? The option that seems most likely to me is that neither Joomla nor the hosting itself contains any holes, the machine that has FTP access is hacked, and files are uploaded from it. I have seen this many times. Check all client machines that have FTP access with some good antivirus, or better, several.

Sergey, 2014-10-04
@TsarS

And do not save the password in the FTP client

olegsharapov91, 2019-01-15
@olegsharapov91

As for the plugins above, Natan said everything correctly. But the antivirus is useless here; this is web security. Here you need to use vulnerability scanners; you can google the word DAST.
Of the good ones with a trial, I advise https://detectify.com, https://metascan.ru, https://acunetix.com. Based on the results, you will understand how you were hacked: holes, SQL injections, XSS, some forgotten ports, easy passwords, and so on.
