Process to recover a Joomla site from an iframe hack
Posted by Gavin in Important Notice, Software on July 7, 2010
Last Friday I had the task of restoring a client's site after it was hit by an iframe attack. Another friend has since been hit, so I thought it would be useful for me to share the process I used to get the site back up and running with only a couple of hours of downtime. The most important thing here is to make sure you keep a backup of your site.
This is the process which I went through after reading about similar infections on the Joomla forum.
1. Backup the unclean site files and database.
This is important in case the site has been updated since the last backup was taken. Backups from the control panel are saved in the .zip format. The archive will not be extracted in case viruses are located on your server.
2. Delete all files from the server.
This is the fastest method of recovery as trying to find the infected files/hidden files could take hours. It is unavoidable that the site will incur some downtime.
3. Reset all passwords.
All access details will be changed.
This includes: FTP Password; MySQL Database username & password; all admin passwords
4. Restore site from last known backup
This may be out of date depending on updates. If it is, then files will need to be individually extracted and verified to be clean.
FTP is how I restored my site. I've read that you should not allow FTP programmes to save the password in case your local computer is affected by viruses that harvest FTP account information, thus bypassing all your efforts at hardening your security.
5. Verify site functions normally.
Check that the site works as expected and that it is clean from exploits. Put the site into maintenance mode to hide it from the public while admin tasks are performed.
6. Confirm the web account is running PHP5 and not still running PHP4
PHP4 is no longer in development and PHP5 is more robust.
7. Add server hardening commands to php5.ini file
As recommended by our host, these extra arguments should reduce the possibility of future attacks.
8. CHMOD all files and folders
This ensures that all permissions are correctly set.
9. Uninstall any unused components & modules
Unused components can be removed safely which reduces the need to update them.
10. Consult the Joomla Vulnerable Extensions List
11. Check for updates to all site modules
If security updates are available then they will be patched. Backups will need to be taken again prior to patches.
12. Return site to live mode.
Once we are happy that the site is clean and restored we will enable it again for all public access.
Iframe Hacks and PC Vulnerabilities – Important Notice
Posted by James in Hints and Tips, Important Notice, Software on July 6, 2010
- Poor quality admin password.
If you have access to your website's admin section you must ensure your password is strong.
- Software vulnerabilities
Just as your computer needs to be kept up to date, so does your software. These patches can sometimes be applied easily over the top of your existing install. Major patches require a complete rework of the site.
- Infected computers
If your computer has been infected in any way by a Trojan, keylogger or malware then this could be the culprit.
You should do the following:
1. Using good antivirus software, scan and clean the PC that you use to connect to FTP.
2. Change your FTP passwords and your control panel passwords.
3. Edit and remove the code from your index files. Look for lines that begin with “<iframe src=” and link to other sites.
4. Ensure that any scripts you are using (WordPress, Joomla etc.) are all up to date.
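A read-only check for step 3, added here as an example (it is not code from the original post): it lists every iframe whose src points to a host outside your own site, so those lines can be reviewed and removed by hand. The host name www.mysite.example, the file extensions scanned and the sample markup are assumptions constructed for illustration.

```python
import os
import re
from urllib.parse import urlparse

# Opening <iframe ...> tag (may span lines); captures the src attribute value.
IFRAME_SRC = re.compile(
    r"<iframe\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE)
# Assumed set of file types worth checking on a PHP CMS site.
EXTENSIONS = (".php", ".html", ".htm", ".js", ".tpl")


def external_iframes(text, own_hosts):
    """Return (line_number, src) for each iframe whose src is on another host."""
    hits = []
    for match in IFRAME_SRC.finditer(text):
        src = match.group(1)
        try:
            host = urlparse(src).hostname  # None for relative, same-site URLs
        except ValueError:
            host = "unparseable"           # malformed URL: flag it for review
        if host and host not in own_hosts:  # own_hosts: lower-case host names
            hits.append((text.count("\n", 0, match.start()) + 1, src))
    return hits


def scan_tree(root, own_hosts):
    """Walk root and return {path: hits} for files containing such iframes."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXTENSIONS):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as handle:
                    hits = external_iframes(handle.read(), own_hosts)
                if hits:
                    findings[path] = hits
    return findings


# Constructed sample page: two legitimate frames and one injected one.
SAMPLE = """<html><body>
<iframe src="/media/intro.html"></iframe>
<iframe src="http://www.mysite.example/map.html"></iframe>
<iframe src="http://injected.invalid/in.php" width="1" height="1"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for line_no, src in external_iframes(SAMPLE, {"www.mysite.example"}):
        print(f"line {line_no}: {src}")
```

Injected code that builds the tag from escaped or obfuscated JavaScript will not match this pattern, so a clean result does not replace restoring from a known-good backup.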
