Actions

Difference between revisions of "Security Checklist/You have been hacked or defaced"

From Joomla! Documentation

< Security Checklist
(References: added reference)
(added note to 'a safe route for disaster relief' section)
Line 3: Line 3:
 
We are sorry for any basic language used in this document.
 
We are sorry for any basic language used in this document.
 
Before you post in the Joomla! Security Forum [http://forum.joomla.org/viewtopic.php?f=432&t=475313 please read this] checklist summary, then use it as a post template.
 
Before you post in the Joomla! Security Forum [http://forum.joomla.org/viewtopic.php?f=432&t=475313 please read this] checklist summary, then use it as a post template.
 
  
 
=== On Line Action List===
 
=== On Line Action List===
Line 33: Line 32:
  
 
== chmod and cron ==
 
== chmod and cron ==
 
  
 
IF you have permissions to access SSH (secure shell) via putty you can chmod the files and directories.
 
IF you have permissions to access SSH (secure shell) via putty you can chmod the files and directories.
Line 46: Line 44:
  
 
<pre>find /home/xxxxxx/domains/xxxxxxx.com/public_html -type d -exec chmod 755 {} \;</pre>
 
<pre>find /home/xxxxxx/domains/xxxxxxx.com/public_html -type d -exec chmod 755 {} \;</pre>
 
  
 
To check for recent file changes within the last day on your system use these commands from putty (SSH - secure shell) or via a cron job.
 
To check for recent file changes within the last day on your system use these commands from putty (SSH - secure shell) or via a cron job.
Line 55: Line 52:
  
 
<pre>find /home/xxxxxx/domains/xxxxxxx.com/public_html -type f -ctime -1 -exec ls -ls {} \;</pre>
 
<pre>find /home/xxxxxx/domains/xxxxxxx.com/public_html -type f -ctime -1 -exec ls -ls {} \;</pre>
 
  
 
Please note your sites files may be located in public_html, httpdocs, www, or a similar place, and your physical path may also be different than in the examples. Adjust the physical path accordingly.
 
Please note your sites files may be located in public_html, httpdocs, www, or a similar place, and your physical path may also be different than in the examples. Adjust the physical path accordingly.
 
  
 
== 777 Permissions ==
 
== 777 Permissions ==
Line 78: Line 73:
 
* save the configuration.php file and your images and personal files one by one, (not the folder as it may contain unwanted files)
 
* save the configuration.php file and your images and personal files one by one, (not the folder as it may contain unwanted files)
 
* wipe the entire folder where Joomla! is installed
 
* wipe the entire folder where Joomla! is installed
* upload a new clean full package latest version of joomla 1.5.x or Joomla 1.7.x/2.5.x (minus the install folder)
+
* upload a new clean full package latest version of joomla 1.5.x or Joomla 1.7.x/2.5.x (minus the install folder)<ref>Incompatible Versions</ref>
 
* reupload your configuration file & images.
 
* reupload your configuration file & images.
 
* reupload or reinstall the latest versions of your extensions , templates (even better is to use original clean copies to ensure that the hacker/defacer did not leave any shell script files in your site)
 
* reupload or reinstall the latest versions of your extensions , templates (even better is to use original clean copies to ensure that the hacker/defacer did not leave any shell script files in your site)
  
 
To do this will take your site off line for around 15 minutes. To track down your hacked/defaced html may take hours or even longer.
 
To do this will take your site off line for around 15 minutes. To track down your hacked/defaced html may take hours or even longer.
 
  
 
=== Local Security ===
 
=== Local Security ===
Line 176: Line 170:
 
# [[Security Checklist 5 - Site Administration|Site Administration]]
 
# [[Security Checklist 5 - Site Administration|Site Administration]]
 
# [[Security Checklist 6 - Site Recovery|Site Recovery]]
 
# [[Security Checklist 6 - Site Recovery|Site Recovery]]
 
  
 
[[Category:FAQ]]
 
[[Category:FAQ]]

Revision as of 12:58, 22 April 2012