Within minutes after the loophole in the Joomla! security was discovered by hackers, Joomla!-based portals began getting hacked! Through the posts that I have seen on Joomla! forums I think over two hundred to five hundred Joomla!-based portals must have been hacked in the last two weeks.
For those who don’t know what Joomla! is, it’s a kind of software written in PHP using MySQL that is used to manage content of websites. The best thing about it is that it is extremely customizable and user-friendly. People use it because it is just like any other web-based software that enables you to add, edit, delete etc. your content without you having any knowledge of programming/scripting languages.
Ok. Coming back to the topic. Our site also became a victim of this mass Joomla! hacking. Our site got defaced thrice! The hacking could have been prevented if I had updated our Joomla! to 1.5.6 or at least had the new security patch installed. Anyhow, after recovering the site for the third time I googled and found the contact of the hacker. He was a nice person who only hacked the site to warn us about the vulnerability.
I have learned how to hack Joomla! the way our site was hacked, but I will not mention it here!
I have not yet patched or updated the Joomla! version that we are using. But I hope I will update it soon, Insha’Allah! However, since I now know exactly how Joomla! is hacked, I have made some changes that can prevent further hacking, but still they are not foolproof.
August 24, 2008 at 3:26 am |
You REALLY REALLY should patch your Joomla, it’s not painful, and it’s a MUST…
Most “hackers” defacing Joomla <1.5.6 are just putting a ‘ in the token field, that’s not hacking at all… but, by gaining access to your Joomla backend, they also get access to your database and the filesystem (upload scripts, gather sensitive data, etc.)
So, if you are really concerned about your assets… upgrade NOW!!!
August 24, 2008 at 5:03 am |
Thanks for posting! I will Insha’Allah soon update my Joomla!