Continuing Top Ten Joomla Security Issues 5 to 1
#5 No Joomla Backup Routine
I cannot tell you how many times we are contacted by potential clients who have security issues. When asked if they have a recent clean backup, they answer, "My host does that for me, don't they?" No! Unless you pay for an extra service, backups are your responsibility.
A backup routine is essential for every website in the world. You must set one up now!
#4 Your Joomla Allows Uploads Without Any Restrictions
The worst hack we've ever seen came from a site that allowed users, once registered, to upload whatever they wanted. This is absolute madness: their dedicated server 'got owned' and the clean-up was a long and expensive process. If you have a forum or allow uploads for any other reason, please set restrictions on file types and file sizes, and use rules in your .htaccess file to detect common exploit terms.
#3 Out Of Date Joomla Core Files
Joomla is built with a database and PHP files, and these files get updated when a security vulnerability becomes known. The 1.5 branch of Joomla is now at version 1.5.26, which means that 26 updates have been released in the four years 1.5 has been available. That is on average one release every two months, and all are for security reasons.
Keeping core files up to date is one of the best ways to avoid hacker activity on your site. There are now add-ons that inform you of an update in the administrator area and can update your Joomla website with a couple of clicks.
#2 Joomla Website Re-hacked - Missed Hacker Files
Oh dear - time and time again.
About 20% of our de-hacking jobs come from other developers or site owners who have cleaned out a hacking incident and very quickly been re-hacked. De-hacking a Joomla website is a skill. You can overlay a clean set of files on your current files, but what about new files that have been added?
We've created our own script that we add to a client's site. We use it to search for anything that is not part of the core Joomla files, and then investigate what these files are. Some will be legitimate and others might be hacker files.
One thing is for sure, our clients never get re-hacked from the same incident.
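The kind of check described above can be sketched as follows. This is an added example, not the script the authors use: it assumes a clean copy of the same Joomla release has been unpacked next to the site, all function names are hypothetical, and it goes one step further than the text by also reporting core files whose contents have changed.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }

def audit(site_root, clean_root):
    """Compare a live site against a clean copy of the same Joomla release.

    Returns (extra, modified): files that exist only on the site, and core
    files whose contents differ from the clean copy. Both need human review;
    extensions, templates and configuration.php will legitimately show up.
    """
    site, clean = hash_tree(site_root), hash_tree(clean_root)
    extra = sorted(set(site) - set(clean))
    modified = sorted(f for f in set(site) & set(clean) if site[f] != clean[f])
    return extra, modified

def demo():
    """Run the audit on two small constructed trees (not real Joomla files)."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        core = {"index.php": "<?php // core entry point",
                "includes/framework.php": "<?php // core framework"}
        for root in (clean, site):
            for rel, body in core.items():
                (root / rel).parent.mkdir(parents=True, exist_ok=True)
                (root / rel).write_text(body)
        # Constructed differences: one added file, one altered core file,
        # and one legitimate site-specific file.
        (site / "images").mkdir()
        (site / "images/cache.php").write_text("<?php // not part of core")
        (site / "configuration.php").write_text("<?php // site settings")
        (site / "index.php").write_text("<?php // core entry point + edit")
        return audit(site, clean)

if __name__ == "__main__":
    extra, modified = demo()
    for f in extra:
        print("NOT IN CORE:", f)
    for f in modified:
        print("CHANGED    :", f)
```

On a real site, call `audit()` with the web root and the unpacked clean release, then review every reported path by hand.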
#1 Weak Joomla Administrator Password
admin - admin
admin - nimda
admin - password
nimda - drowssap
Firstly, rename the administrator account username from admin to something memorable; if admin is your username, I'm 50% of the way to accessing your website. I know that in the modern world we have so many passwords to remember. I use three words and swap out some letters for numbers, and on different sites and services I swap the order of the words. There are only three possible passwords I can use, and if I don't know them, they are going to be difficult for other people / hackers to guess. Software enables hackers to run millions of guesses a second, and you can configure servers to block 'brute force password attempts'. In the main, just setting a strong password is enough, but remember to change your username from 'admin'.
Giving Away Or Leaving Joomla Login Details Laying Around
You would not believe how many people on the Joomla forum post their login details for the world to see, or leave machines on in the office with details in clear view.
Email Accounts Hacked
Email accounts that contain your site and server details get hacked. This is not so common, but it does happen.
Professional Joomla Security Support
That concludes our list of the top ten Joomla security issues. If these affect you and you require professional Joomla security experts to help you with a one-off package or long-term ongoing help, contact us.