the-generalist.com


Keeping Your Website Secure (Keep It Updated)


I was given a nice lesson last week on why it's important to update your website components. I'm not big on HTML/PHP and don't have a lot of free time, so I built my site on existing technologies written by other people. I tried several different things while building the site and, unfortunately, didn't remove the old, unused stuff. Between the unused code and the old build of Joomla, I had apparently left some vulnerabilities on my site. Someone managed to sneak some of their own stuff onto the site, resulting in my site being locked for an attempted phishing scam.

Fortunately, JustHost was helpful. They locked my site, sent me the relevant information, and offered some suggestions. After I removed the offending files, they put my site right back up. The only reason the site wasn't back up quickly is that I was at E3 all day and couldn't fix it.

Unfortunately, the next day it was down again. Same routine, but this time I went through and checked my entire site. I found a back door left on the site. JustHost gave me ssh access temporarily so I could more easily fix my poor, afflicted site. I checked for a list of all files modified or added to my site within the last two weeks. I managed to find three different backdoors hidden around the site. I also removed all the sections of the site I was no longer using, or had never really used. I updated the Joomla install to the latest and checked all the modules I installed against the known vulnerabilities list. I changed all my passwords even though it doesn't look like any actual logins were compromised, and verified the permissions on my whole file system. I left the site down for most of the weekend until I was sure it was clean this time.

Now the site is back up. I've added myself to the Joomla security notification email and left a cron job running to notify me of recent file changes. Considering I only pay a few dollars a month to host multiple sites, the support from JustHost was great. I was always treated as the victim, never as a criminal. They were friendly, helpful, and responded much faster each time than the service level I was paying for.
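The two checks described above (listing files modified in the last two weeks, and a cron job that reports file changes) could look like the following; this is an added example, not the script used on this site. It goes one step beyond the modification-time sweep by also keeping a SHA-256 manifest, because a planted file's timestamp can be reset. The function names, paths and state directory are assumptions.

```shell
#!/bin/sh
# Added example. Paths and the state directory are assumptions, not from the post.

# Files under $1 whose mtime is within the last $2 days (the two-week sweep).
recent_changes() {
    find "$1" -type f -mtime "-$2" -print | sort
}

# "sha256  path" line for every file under $1, sorted by path.
make_manifest() {
    find "$1" -type f -exec sha256sum {} + | sort -k 2
}

# Compare manifest $1 (old) with $2 (new); print ADDED / CHANGED / REMOVED.
# A hash comparison still catches a file whose mtime was reset with touch.
manifest_diff() {
    awk '
        FILENAME == ARGV[1] { old[substr($0, 67)] = $1; next }
        {
            p = substr($0, 67)            # path starts after 64 hex chars + 2 spaces
            if (!(p in old))       print "ADDED   " p
            else if (old[p] != $1) print "CHANGED " p
            delete old[p]
        }
        END { for (p in old) print "REMOVED " p }
    ' "$1" "$2" | sort
}

# One monitoring pass: $1 = web root, $2 = state dir kept outside the web root.
# Prints nothing when the site is unchanged, so cron only mails on a difference.
check_site() {
    make_manifest "$1" > "$2/manifest.new"
    if [ -f "$2/manifest" ]; then
        manifest_diff "$2/manifest" "$2/manifest.new"
    fi
    mv "$2/manifest.new" "$2/manifest"
}

# Cron entry point, e.g. (constructed): 0 * * * * sh sitecheck.sh /path/to/webroot /path/to/state
if [ "$#" -eq 2 ]; then
    check_site "$1" "$2"
fi
```

Keep the state directory outside the web root and not writable by the web server user, so a compromised site cannot rewrite its own baseline.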

Rather than repeating all the information here, I'm going to link a few pages that were helpful for me:

Joomla Security Checklist

Joomla Vulnerable Extension List

Good Advice in This Post

Last Updated on Tuesday, 14 June 2011 00:41  
