I was thinking to start by writing a post about how to secure your site. But I guess most people think about it only when they have been hacked. And then it is probably too late.
So… you have been hacked and you are trying to fix your site.
First of all, consider yourself lucky. A hacked site is supposed to be secretly hacked unless you are running a public or very popular site and the hacker is making a statement by defacing your pages. Or if he is greedy enough to try to squeeze some money by spamming your users. Or if he is trying to spread some virus. Well, you get the idea.
Good news or bad news will depend on what have you done to protect your work. And I sincerely hope that you do not have any sensitive information on your site or on your server.
First of all, the only safe point of view is to consider your entire server compromised. That means that you can safely assume that the hacker already has a number of backdoors to your server, and can use it as he wants. For mail spam, or for more blackhat and/or illegal things.
That said, the only way to safely restore your site, is to request a completely new server or Cpanel for your site, change ALL usernames and passwords, restore a safe copy of your code and try to patch any holes in obsolete or poorly maintained add-ons. So…
- Do you have a backup of the clean code?
- Do you have a backup of the database?
- Do you use properly maintained addons?
If not, you are into a lot of trouble… It will be a looooong week while you try to find or rebuild a trusted copy….
I know, that is not much of a “How to”, but I am trying to make a point.
To prevent this from happening in the first place, have a look at my list of to-do things to prevent getting hacked.
If you have any questions or want to share your pain, feel free to comment below.
I feel you… like most people, I had to learn the hard way…
The Graphic is taken from http://myjoomla.com . A prime service that allows you to audit and patch your Joomla sites easily.