← Older revision

Revision as of 16:10, 12 June 2013

(2 intermediate revisions by one user not shown)

Line 11:

* Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, virus, trojans, spyware, etc. (see [[#Local_Security|Local Security]] below)

−

* Ensure you have the '''latest version''' of [http://www.joomla.org/download.html Joomla]

+

* Ensure you have downloaded the '''latest version''' of [http://www.joomla.org/download.html Joomla] for the series of Joomla used on the site. (see [[#incompatible_versions|Incompatible Versions]] below)

* '''Notify your host''' and work with them to clean up the site, and to make sure there are no back doors to your site.

Line 25:

* Do not use the standard Admin user, [[Why_should_you_immediately_change_the_name_of_the_default_admin_user%3F|disable it]]. If you need to reset your admin password, see [[How_do_you_recover_your_admin_password%3F|these instructions]].

−

* '''Replace''' all templates and files with clean copies,

+

* '''Delete and Replace''' all templates and files with clean copies,

−

* '''Check''' and/or replace all .pdf, image, photo files for exploits

+

* '''Check''' and/or replace all .pdf, image, photo files for exploits. Delete any that are suspicious

* Check you server logs for IP's calling suspicious files or attempting POST commands to non-form's

* Use proper permissions on files and directories. They '''should never be 777<ref>Permissions should never be 777</ref>, but ideal is 644 for files and 755 folders'''.

Line 161:

Raw Access Logs allow you to see who has accessed your site without the use of graphs, charts or other graphics. in cPanel for instance you can use the Raw Access Logs menu to download a zipped version of the server's access log for your site. This can be very useful when you need to see who is accessing your site quickly. Many people forget that this needs to be activated by the user of the account and is not automatically activated upon the creation of a hosting account in cPanel for instance!

−

'''Incompatible Versions'''

+

<div id="incompatible_versions" />'''Incompatible Versions'''

This document applies to all versions of Joomla. Use the latest version of Joomla that is compatible with your existing Joomla websites version to repair your site. Some version upgrades require a [[Migrating_from_Joomla_1.5_to_Joomla_2.5|site migration]] and will render your Joomla site inoperative if used to replace an earlier version of Joomla when repairing site hacking. For example: Do not replace a 1.5.xx based site with version 2.5.xx of Joomla. Doing so will leave the site in an inoperative state and may also result in a loss of data.

Joomla! Documentation - Changes related to "Security/Reading list" [en]

Security Checklist/You have been hacked or defaced

@@ Line 11: / Line 11: @@
 * Scan all machines with FTP, Joomla super admin, and Joomla admin access for malware, virus, trojans, spyware, etc. (see [[#Local_Security|Local Security]] below)
-* Ensure you have the '''latest version''' of [http://www.joomla.org/download.html Joomla]
+* Ensure you have downloaded the '''latest version''' of [http://www.joomla.org/download.html Joomla] for the series of Joomla used on the site. (see [[#incompatible_versions|Incompatible Versions]] below)
 * '''Notify your host''' and work with them to clean up the site, and to make sure there are no back doors to your site.
@@ Line 25: / Line 25: @@
 * Do not use the standard Admin user, [[Why_should_you_immediately_change_the_name_of_the_default_admin_user%3F|disable it]]. If you need to reset your admin password, see [[How_do_you_recover_your_admin_password%3F|these instructions]].
-* '''Replace''' all templates and files with clean copies,
+* '''Delete and Replace''' all templates and files with clean copies,
-* '''Check''' and/or replace all .pdf, image, photo files for exploits
+* '''Check''' and/or replace all .pdf, image, photo files for exploits. Delete any that are suspicious
 * Check you server logs for IP's calling suspicious files or attempting POST commands to non-form's
 * Use proper permissions on files and directories. They '''should never be 777<ref>Permissions should never be 777</ref>, but ideal is 644 for files and 755 folders'''.
@@ Line 161: / Line 161: @@
 Raw Access Logs allow you to see who has accessed your site without the use of graphs, charts or other graphics. in cPanel for instance you can use the Raw Access Logs menu to download a zipped version of the server's access log for your site. This can be very useful when you need to see who is accessing your site quickly. Many people forget that this needs to be activated by the user of the account and is not automatically activated upon the creation of a hosting account in cPanel for instance!
-'''Incompatible Versions'''
+<div id="incompatible_versions" />'''Incompatible Versions'''
 This document applies to all versions of Joomla. Use the latest version of Joomla that is compatible with your existing Joomla websites version to repair your site. Some version upgrades require a [[Migrating_from_Joomla_1.5_to_Joomla_2.5|site migration]] and will render your Joomla site inoperative if used to replace an earlier version of Joomla when repairing site hacking. For example: Do not replace a 1.5.xx based site with version 2.5.xx of Joomla. Doing so will leave the site in an inoperative state and may also result in a loss of data.