All geek questions in one place

File entered on Joomla website

we had Joomla 2.5.8. in this way the virus.php file of the virus / Public _html / modules / mod_jacontentslider / assets / CSS was created

This file sent spam messages non-stop.

we thought it was hacking php and updating to the latest php version and updating Joomla 2.5.11, and we again got into the same problem.

Any thoughts?

Update

I tried to download this infected file (list.php) to my Windows 7 PC. Microsoft security software detected a virus and prevented the download of this file.

So, is there any software on the Linux side (CentOS 5.9) that will periodically check files and automatically delete bad ones or notify us? We have installed a mollusk, which is useless. He did not detect this virus file.

+4
source share
3 answers

This type of problem is common with legacy CMS solutions. Its usually quite prone to vulnerabilities due to its popularity. There are many things you can do to prevent this type of attack, depending on whether you are on a shared server or a dedicated server, there are solutions available. I will name only a few

  • First, start by changing the password to a passphrase with characters, numbers, individual characters (15)
  • Change your passphrase frequently
  • Make sure that all of your server software is updated on patches and known vulnerabilities, if on a shared server contact your ISP with problems that you encounter.
  • Use sftp for porting and definitely do not use filezilla
  • Invest in a firewall that is very effective at preventing password attacks with brute force attacks over a specific ip range
  • Ultimately, you can visit these types of sites that sell you protection for Joomla http://extensions.joomla.org/extensions/access-a-security/site-security/site-protection/8384 or the type of site that explains avaialable hacks for joomla http://www.exploit-db.com/papers/15780/

We hope that these few tips will help you solve the problem you are facing.

+2
source

Upgrade to the latest Joomla 2.5 series for starters. Not that this version has any security fixes, however, it is always best to do this. This may be due to the extension you are using on your site.

I answered some questions a while ago, explaining Joomla updates, everything that needs to be considered, and what extensions can be used to ensure the security of your site.

Joomla! 2.5.4 Hacked: there are problems with the diagnosis

and

Why should I update the version of Joomla?

Hope this helps

+2
source

8 Ways to protect Joomla and prevent hacking!

Change the default database prefix (jos_) Use a SEF component Use the correct CHMOD for each folder and file. Password protect your administrative area. Keep your website up-to-date. Use a .htaccess file to secure your Joomla. Passwords - Use a unique and strong password. Install the jSecure Authentication plugin.

More details: http://www.toxzen.co.za/tutorials/item/30-8-ways-to-secure-joomla-and-prevent-being-hacked

+1
source

Source: https://habr.com/ru/post/1494311/

More articles:


All Articles