News:

Support the VirtueMart project and become a member

Main Menu

website hacked

Started by wolfsauge, March 09, 2010, 12:22:24 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

wolfsauge

March 09, 2010, 12:22:24 PM
Hi everybody,
This morning my joomla/virtuemart (latest versions) website was hecked and a fraud paypal site installed. Also more than the half of my users/customers disappeared and most of the others are marked as not approved.
Also there is a "?>" on many pages, in the administration, too, I guess the hackers made a mistake, so their manipulation became visible.
Of course I deleted the dangerous stuff from the subfolder, and can backup the whole site - but I am afraid that the users' details are known now and wonder if that would be a good idea.

Has anybody experienced something like that and how did you handle it?
Best wishes
wolfsauge

Forrest

#1
March 10, 2010, 03:55:54 AM
Well, first would be determining HOW they did this.

1. Did you get the update for 1.1.14
http://forum.virtuemart.net/index.php?action=globalAnnouncements;id=4

2. Likely, they did not do this via the Joomla /VM code, but that you do not have proper CHMOD on your files/folders.

3. You were careless with your login for FTP/Joomla.

You should
1. Make sure you have updated code for VM, and likewise Joomla.
2. Change all usernames and passwords for admin type logins for FTP, Joomla/VM, and your database.
3. Check you CHMOD settings for all folders/files.
4. Always make backups!
5. Use SSL/SSH whenever possible to connect to FTP and J Admin
6. Never share your login details via email!

wolfsauge

#2
March 10, 2010, 10:55:50 AM
Hi,
Thanks for replying.
The point is that I updated everything and used the latest versions of Joomla as well as Virtuemart (including the security patch).
One week earlier I got an email from the "Password forgotten" function of my site, which was somehow suspicious. I guess someone tried to get the administration password, however since it was sent to my own email account, it did not care too much. Could that have been the way someone hacked himself into the site?
I have no other clue, since the points you mention I do care about.
Best wishes
wolfsauge

Forrest

#3
March 10, 2010, 10:58:07 AM
1. Change your admin username to something other than administrator.

2. Did you change your "secret" in J and VM? It's generic on install.

PRO

#4
March 10, 2010, 23:16:30 PM
You should always password protect your admin folder
That will help a lot.



Print
Go Up Pages1
User actions