As you all knows Joomla & WordPress are the most popular CMS used by today’s webmasters. While WordPress powers 23% of all websites on the internet, it’s not the only open source content management system in the market. There are some other really awesome software like Joomla and Drupal. All three of them have a lot in common, but they still have their own pros and cons.
This is an important security alert regarding serious hacking attempts on CMS such as JOOMLA, WordPress etc.
Our Firewall Scanners has detected more than unusual sniffs [ Trying to identify vulnerable sites to launch and attack later ] on JOOMLA installed sites especially on older version of Joomla websites. Few months back Joomla’s default template bluestork had a vulnerability allowing remote users to create users through an injection attack. This has been fixed on later versions of Joomla. Affected versions are in all 1.6.x and 1.7.x, and all the older versions below 2.5.x.
Once the hacker gets the necessary rights, he is free to access Joomla’s backend. You can avoid this by upgrading the latest version and avoid the stop the upload function under the folder administrator/templates. This is purely due to the vulnerable version of CMS which you are having in your account. If you are not using the template, it is better to deactivate it and change permission of that folder to a non writable one such as 400 or even lesser. You may also consider renaming or removing it.
Please note that the issue could also happen due to one or many among the following;
- You might be running an outdated version or opencart, joomla, wordpress, drupal, whmcs etc
- You might not have updated to the latest security release of latest stable version or joomla,wordpress,drupal,whmcs etc
- There could be files with full permission (Read,Write and execute)
- There could be folders with full permission (Read,Write and execute)
- You could be using a vulnerable theme or template or plugins in wordpress, joomla, whmcs, drupal etc
- Your wordpress or joomla admin login details are simple / weak or compromised
- Your control panel login details are simple or weak
What should you do now ?
Please do the following immediately.
- Upgrade your open source cms such as joomla, wordpress, whmcs, drupal etc
- Remove unnecessary installations of joomla, wordpress, whmcs, drupal etc
- Remove or upgrade vulnerable versions of plugins, themes, templates used in joomla,wordpress,drupal etc
- Check the file and folder permissions. See whether they are having full permission
- Reset your Cpanel login details , administrator password and also reset database and mails password.
- Keep tough passwords like ho!fi%#e#$rHO
- Make sure your local computer is secure.
- Reset your MySQL user name and password
- Change the config file such as wp-config.php to 400 permission so that others cannot read expect your domain user
- If possible rename your upload folders or move them outside public_html folder
Always keep your CMS updated with the latest version.