Posts Tagged security
Process to recover a Joomla site from an iframe hack
Posted by Gavin in Important Notice, Software on July 7, 2010
Last Friday I had the task of restoring a client's site after it was hit by an iframe attack. Another friend has since been hit, so I thought it would be useful for me to share the process I used to get the site back up and running with only a couple of hours of downtime. The most important thing here is to make sure you keep a backup of your site.
This is the process which I went through after reading about similar infections on the Joomla forum.
1. Backup the unclean site files and database.
This is important in case the site has been updated since the last backup was taken. Backups from the control panel are saved in the .zip format. The archive is not extracted, in case viruses are located on your server.
2. Delete all files from the server.
This is the fastest method of recovery as trying to find the infected files/hidden files could take hours. It is unavoidable that the site will incur some downtime.
3. Reset all passwords.
All access details will be changed.
This includes: FTP Password; MySQL Database username & password; all admin passwords
4. Restore site from last known backup
This may be out of date depending on updates. If it is, then files will need to be individually extracted and verified to be clean.
FTP is how I restored my site. I’ve read that you should not allow FTP programmes to save the password in case your local computer is affected by viruses that harvest FTP account information, thus bypassing all your efforts at hardening your security.
5. Verify site functions normally.
Check that the site works as expected and that it is clean of exploits. Put the site into maintenance mode to hide it from the public while admin tasks are performed.
6. Confirm the web account is running PHP5 and not still running PHP4
PHP4 is no longer in development and PHP5 is more robust.
7. Add server hardening commands to php5.ini file
As recommended by our host, these extra arguments should reduce the possibility of future attacks.
8. CHMOD all files and folders
This ensures that all permissions are correctly set.
9. Uninstall any unused components & modules
Unused components can be removed safely which reduces the need to update them.
10. Consult the Joomla Vulnerable Extensions List
11. Check for updates to all site modules
If security updates are available then they will be applied. Backups will need to be taken again prior to patching.
12. Return site to live mode.
Once we are happy that the site is clean and restored we will enable it again for all public access.
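An added example (not part of the original post): one way to support the checks in steps 4 and 5 is to scan the files extracted from a backup for iframe tags that are sized 0 or 1 pixel or hidden by inline style. The detection heuristics, the file extensions scanned and the sample files are assumptions made for illustration.

```python
import os
import re
import tempfile

# Heuristics are assumptions for illustration; the post does not show the injected markup.
IFRAME_RE = re.compile(rb"<iframe\b[^>]*>", re.IGNORECASE)
TINY_DIM_RE = re.compile(rb"""\b(?:width|height)\s*=\s*["']?[01](?:px)?["']?(?=[\s>/])""", re.IGNORECASE)
HIDDEN_STYLE_RE = re.compile(rb"display\s*:\s*none|visibility\s*:\s*hidden", re.IGNORECASE)
SCAN_EXTENSIONS = (".php", ".html", ".htm", ".js", ".tpl")


def suspicious_iframes(data):
    """Return the iframe tags in `data` (bytes) that are 0/1 px or hidden by style."""
    hits = []
    for match in IFRAME_RE.finditer(data):
        tag = match.group(0)
        if TINY_DIM_RE.search(tag) or HIDDEN_STYLE_RE.search(tag):
            hits.append(tag.decode("utf-8", "replace"))
    return hits


def scan_tree(root):
    """Map each relative file path under `root` to its suspicious iframe tags."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(SCAN_EXTENSIONS):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as handle:
                    hits = suspicious_iframes(handle.read())
                if hits:
                    findings[os.path.relpath(path, root)] = hits
    return findings


def demo():
    """Scan a constructed two-file 'extracted backup' and return the findings."""
    samples = {  # constructed sample content, not taken from a real site
        "index.php": b'<?php echo "hi"; ?>\n<iframe src="http://injected.example/x" width="1" height="1" style="visibility:hidden"></iframe>',
        "about.html": b'<iframe src="https://video.example/embed" width="560" height="315"></iframe>',
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

Obfuscated or script-generated injections will not match these patterns, so an empty result only means that no plainly hidden iframe tag was found.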
About Gavin Cole
Creative designer at the Images Group. I spend a great deal of my day in Photoshop, Dreamweaver and the Webmaster Tools. Wing Chun Practitioner, part-time PC Gamer, Horror movie lover and a fan of technology & science fiction.
Kaspersky Internet Security blocking images
Posted by Gavin in Hints and Tips, Software on June 25, 2009
Okay, so I’m working on a client's site and notice that the images used on the top of the page are missing. There is nothing special about them, quite a large JPEG image used in the site’s header or banner area. I clear my Firefox cache and check again. Same problem. I try Internet Explorer – same problem. I try Opera, Safari and Chrome – yep, something is wrong here. I get my colleague Jim to check and he cannot see the images either. I log into FTP and check that the images are not corrupt by downloading them to my desktop, and sure enough they look fine.
The customer calls about not liking one of the photos used on a particular page – they can still see them! This reminds me that in our office we recently changed from AVG 8.5, after being disappointed with its performance, to Kaspersky Internet Security 2009. I’ve used Kaspersky at home for a while now (although just the AV) and prefer its interface and protection over AVG.
The cause
I click on the icon in the Task Bar and Pause Protection for a moment to check the page again. Hey presto, it worked! Surely I cannot go without protection just to view a few images. And why is it only certain images that are hidden?
A quick Google search for “kaspersky blocking jpegs” led me to a post on Labrow Marketing's blog discussing the same thing, only with a lot more detail, as Peter actually had correspondence with Kaspersky Lab about the issue.
The solution
Download a newer Kaspersky release (not just an updated definition file), or disable the feature under Settings > Content Filtering > Banner Ad Block.
I’m glad that’s sorted. Now, back to work.

