If you have ever had the unfortunate experience of being hacked by malicious users, you will know how frustrating it can be to deal with the clean-up. If you have questions such as how it happened, how the problem can be rectified and how it can be prevented in future, this is the article for you.
What happened to our web site?
Hacking can happen in a variety of ways, and there is not always a motive. Common reasons include defacing the site for fame in the hacking community, selling email lists pulled from the database, increasing traffic to other sites via redirects, and SEO attacks that improve the ranking of other sites. Generally, websites are hacked by automated scripts looking for known vulnerabilities in content management systems, which are shared in the hacker community.
The main task is to close whatever loophole allowed the attack, so that the script cannot run again. The best way to achieve this is to upgrade to the latest stable version of your CMS.
How did hacker(s) manage to gain access to the website?
There can be a variety of access points, including vulnerabilities in an older version of the CMS platform, 3rd party CMS components, server control panels, server permissions, code injection, compromised passwords and more.
Who actually hacked into the website?
It is extremely difficult to identify who hacked the website, as the scripts are not always traceable, particularly if the hackers do not deface the site with their trademark message.
Primarily the culprits are groups of people in hacking communities, sharing information and attacking mainly outside their own country.
How do we rectify the problem?
Butterfly provide a service to scan and clean the site of malicious code. On average this takes up to 3 hours; however, this is dependent on the severity of the situation.
An alternative method is to restore the website from a backup if a recent clean version is available; however, in this situation we will not gain any insight into the way the site was hacked.
It's important to note that cleaning the malicious code does not fix the original vulnerabilities and as such Butterfly recommends the following:
- Assess the website for an upgrade to the latest version of the CMS including all 3rd party components.
- Reset super administrator and FTP passwords
- Check server permissions are set correctly
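As an added illustration of the permissions check (example code written for this article, not a Butterfly tool), the script below walks a web root and reports anything writable by every account on the server or otherwise looser than a baseline. The baseline of 0755 for directories and 0644 for files is an assumption, and the sample tree and its file names are constructed for the demonstration.

```python
import os
import stat
import tempfile

# Assumed baseline (not stated in the article): directories 0755, files 0644.
DIR_BASELINE = 0o755
FILE_BASELINE = 0o644


def audit_webroot(root):
    """Return sorted (relative path, issue, octal mode) for entries looser than the baseline."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            mode = stat.S_IMODE(st.st_mode)
            baseline = DIR_BASELINE if stat.S_ISDIR(st.st_mode) else FILE_BASELINE
            if mode & stat.S_IWOTH:
                issue = "world-writable"
            elif mode & ~baseline:
                issue = "exceeds baseline"
            else:
                continue
            findings.append((os.path.relpath(path, root), issue, format(mode, "04o")))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed web root with known modes and return its path."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.mkdir(os.path.join(root, "images"))
    sample = {
        "index.php": 0o644,
        "configuration.php": 0o666,
        "upload.php": 0o664,
        os.path.join("images", "logo.png"): 0o644,
    }
    for rel, mode in sample.items():
        path = os.path.join(root, rel)
        with open(path, "w") as handle:
            handle.write("constructed sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "images"), 0o777)
    return root


if __name__ == "__main__":
    for rel, issue, mode in audit_webroot(build_sample_tree()):
        print(f"{mode}  {issue:16}  {rel}")
```

Point `audit_webroot` at the real document root after a clean-up; an empty result means nothing is looser than the assumed baseline.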
How can the risk of hacking be decreased?
1) Upgrade and Patch
The simplest way to prevent hacking is to stay up to date with new releases and patches, via scheduled website "check-ups" or regular updates within a monthly support retainer.
Check-ups provide reports on your current versioning, new versions available, estimated upgrade time and costs to carry out the update.
A monthly upgrade package is available on a 10 hour monthly retainer over 12 months. The upgrades are performed as available, tested within a staging environment and applied to your website. Following the upgrade Butterfly provide a report on actions performed. This is the simplest way to stay on top of current and future upgrades. Butterfly are able to create custom patching packages for 3/6/12 month upgrades as requested.
The final option is to request an upgrade assessment at any given time. A quote can then be provided to complete available patches. The assessment will take a minimum of 3 hours.
2) Increase server security
A website with a dedicated server is less at risk of hacking than a site in a shared server environment due to the decreased entry points to your site.
3) Utilise 3rd party scanning systems
Online software is available that can be integrated with your website so that the website is scanned for malicious activity.
Are there any guarantees or warranties surrounding another successful hack?
There is no guarantee or warranty to prevent future hacks. It is best to think of it like a car, which you insure against burglary and install alarms on, but if someone wants to smash a window, then they can often succeed. In this case, the upgrade is the alarm, and the maintenance is the insurance. Butterfly provide a fast and efficient service to get you back up and running if an attack occurs, and we have very good systems in place to ensure sites are recovered quickly.
Joomla and Hacking
Is Joomla 1.5 a target?
Joomla 1.5 is no longer supported by the Joomla community so there will be no further subversion releases to patch Joomla 1.5 past version 1.5.26. This means that hackers are more likely to target sites on Joomla 1.5 as the rate of finding sites with vulnerabilities increases.
Butterfly advises that all Joomla users upgrade to Joomla 2.5, which will be supported until December 31st of 2014.
Joomla 3.5 (long support release) will be available to upgrade to after March 2014 and will have guaranteed support until December 31st 2016.
What has been done so far to close down all of the known security holes in Joomla?
Any content management system is vulnerable to hacking because the server is purposely set to allow read and write access so that you can edit the site from the CMS. This is true of Joomla; however, the advantage of using Joomla is that there is a global community devoted to finding and fixing vulnerabilities. As vulnerabilities are exposed, the community works to remove the problems for the next Joomla release.
With these updates available from the Joomla community, updating to the subversions, long term releases and upgrades within components is streamlined, and websites that apply the core fixes and upgrades can greatly mitigate security risks.