Joomla Site is hacked? - joomla

My Joomla site is hacked by someone. The hacker changes the content of my files and replaces their content. I find it and delete it, but again and again he is doing this. I changed my FTP and cPanel details, but no use. How to prevent this? Please help me, anyone.
Thanks In Advance

For the moment, at least update to 1.5.26 and after that also install this patch.
Remove any unneeded extensions and also try to make sure that the rest of your extensions are up-to-date as much as possible.
You can also strengthen up your site's security with advanced .htaccess rules and security extensions like admin tools by Akeeba.
Read also:
Joomla Security Checklist
https://joomla.stackexchange.com/questions/2305/what-to-do-if-my-joomla-website-got-hacked
Also, this Google Search Results Page will present you with links to useful and important information.

Related

Joomla friendly URLs not working after update?

Hi and thanks for reading & answering my question. I am fairly new to Joomla; however, I have built a directory website and started to put some content. I have created the standard pages (contact us, privacy etc.) and added businesses. I would like SEO friendly URLs so I set Search Engine Friendly URLs, URL Rewriting --YES, and Suffix --No. However, Joomla somehow rewrites my aliases and changes them. Example: mywebsite/bar-and-dinner is displayed now as mywebsite/bar-din-r. I contacted the support of the plugin I use and they told me that I must have had some filters on Joomla that create such a problem. I tried to purge cache on the website & server, still the same. I just updated to Joomla 4.0. Thanks in advance for your help.

Change Joomla 3 page url extension from .html to .htm

I am creating a website using Joomla 3 CMS. I have a requirement from my client that I need to change the existing page URL extension from .html to .htm. As this website is a redesign of an existing website, the old links have the .htm extension.
Open ../libraries/cms/router/site.php
Go to line number 144
And change
if ($format = $uri->getVar('format', 'html'))
to
if ($format = $uri->getVar('format', 'htm'))
I hope that helps
If you don't want to edit core files (and that is certainly not advised, for the sake of future upgrades), your best solution is using a custom component for managing Joomla's SEF URLs, for example: sh404SEF (Paid) or JoomSEF (Free).
Check out http://extensions.joomla.org/category/site-management/sef for others.
Never ever edit Joomla Core files, otherwise when you upgrade Joomla, all your changes will be gone.
As #Alexxandar said; use SEO/SEF components for your needs. I recommend to use MijoSEF (Free or Paid)
Go to global configuration and remove the l from the suffix.
This is a Joomla configuration question and a standard Joomla configuration (not programming) option.
Now the one thing you will have to worry about is whether there are any old links to the htm pages. For this you will probably want to use the built-in redirect component. Turn on the redirect plugin and then, if you have a small number of pages, you can just set up the redirection by hand. If you have more pages you may want to write the SQL to create a bunch of redirects. Or you might want to make your own plugin to permanently redirect the old to the new.

Change administrator path in joomla 2.5

I've been using Joomla for the past 2 years. As Joomla is a very popular CMS for PHP lovers, hackers are always trying to deface websites built in Joomla. Anyone can easily detect that a website is using Joomla or any other programming language by using the Wappalyzer software. In Joomla we can access the administrator panel by typing
http://phalana.com/administrator.
So my question is how to change the /administrator to something else so that hackers will not get to the administrator panel. So far I've seen a number of extensions in the official Joomla directory, but still something is lacking in them. Can anyone help me to change the administrator path?
Changing /administrator is a very bad idea for a lot of reasons; top amongst them, ironically, is security. Apart from that it:
* breaks lots of components
* cuts you off from easy application of security updates
* the effects of renaming are unknown from a security point of view
The best way to secure Joomla's /administrator area is to follow some simple steps...
* Add realm authentication to the /administrator directory; that way, unless your hacker manages to figure out the username and password, they're stumped.
* Use an extension like JSecure or Akeeba's Admin tools (both allow you to set a "secret word" on the administrator URL) or check the extensions already available in the Login Protection section of the Joomla! Extension directory (called JED for short). N.B. I personally like Admin tools the most, with the /administrator?secretword, their application firewall and the .htaccess maker.
* Follow the advice on the Joomla Doc's website Security Checklist
Personally we do all of these things and a bit more... as we keep telling people.
You can protect or hide your /administrator directory by creating an alternative directory which sets a cookie that is sent to the HTTP header in the request. That cookie will be validated from the index.php file at the /administrator directory; if it is not validated (when an unauthorized user wants to detect if your site is Joomla based by the known /administrator directory), then it will be redirected to the root directory for your site.
These are the steps.
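* Create an alternative /administrator directory, i.e. /admins_place
* Inside /admins_place, create an index.php with the following code snippet:
<?php
// Set the marker cookie for the whole site, then hand off to the real admin login.
$admin_cookie_code = "_hashed_secret_code_here_";
setcookie("JoomlaAdminSession", $admin_cookie_code, 0, "/");
header("Location: ../administrator/index.php");
exit;
?>
* In the administrator directory, add this code snippet at the beginning of the index.php file:
<?php
// Send the visitor to the site root unless the marker cookie is present and matches.
if (!isset($_COOKIE['JoomlaAdminSession']) || $_COOKIE['JoomlaAdminSession'] !== "_hashed_secret_code_here_") {
    header("Location: ../index.php");
    exit; // stop here so the rest of the administrator index.php does not run
}
?>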
I hope this helps

Avoid Direct Download Link of files

I am using Wordpress and Easy Digital Download plugin to sell digital files.
I have the following how-to questions:
How to avoid a user to see or to use direct download link?
How to create a download link that has an expiration like session?
How to secure a wp-contents/uploads folder?
You might be interested in this:
deny direct access to a folder and file by htaccess
simply put a .htaccess file with the content "deny from all" in the folder.
Then only scripts from your webspace should be able to read files from there.
This should be a first step. You would need a php-file serving the data instead of accessing those files directly.
Eg like this: http://www.kavoir.com/2009/05/php-hide-the-real-file-url-and-provide-download-via-a-php-script.html
(as I am not aware of WordPress plugins, maybe just google for them; this explains how to write those in PHP - if you can't do that you're pretty much stuck with WordPress plugins)
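An added example, not part of the original answers: one way to write the PHP download script described above so that each link expires, using an HMAC signature over the file name and expiry time. The script name download.php, the secret, the protected folder path and the function names are all hypothetical.

```php
<?php
// Added example: expiring, HMAC-signed download links. All names are hypothetical.
const DOWNLOAD_SECRET = 'replace-with-a-long-random-server-side-secret'; // assumption
const PROTECTED_DIR   = '/var/www/protected-files'; // assumption: folder blocked by "deny from all"

// Build the query string for a link that stops working after $ttl seconds.
function make_download_query(string $file, int $ttl): string
{
    $expires = (string) (time() + $ttl);
    $sig = hash_hmac('sha256', $file . "\n" . $expires, DOWNLOAD_SECRET);
    return http_build_query(['file' => $file, 'expires' => $expires, 'sig' => $sig]);
}

// Return the absolute path to serve, or null when the link must be refused.
function resolve_download(array $query): ?string
{
    foreach (['file', 'expires', 'sig'] as $key) {
        if (!isset($query[$key]) || !is_string($query[$key])) {
            return null; // missing parameter or array injection (file[]=...)
        }
    }
    if (!ctype_digit($query['expires'])) {
        return null;
    }
    $expected = hash_hmac('sha256', $query['file'] . "\n" . $query['expires'], DOWNLOAD_SECRET);
    if (!hash_equals($expected, $query['sig'])) {
        return null; // file name or expiry was altered, or the signature is forged
    }
    if ((int) $query['expires'] < time()) {
        return null; // link has expired
    }
    // basename() drops directory parts, so a signed "../x" still stays in PROTECTED_DIR.
    $path = PROTECTED_DIR . '/' . basename($query['file']);
    return is_file($path) ? $path : null;
}

// Front controller: only runs when the script is requested over the web.
if (PHP_SAPI !== 'cli') {
    $path = resolve_download($_GET);
    if ($path === null) {
        http_response_code(403);
        exit('Link invalid or expired');
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
}
```

The link handed to a buyer would be download.php? followed by the output of make_download_query('report.pdf', 3600); the real file URL never appears, and direct requests to the folder are refused by the .htaccess rule.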
Nah, Nah, Nah... It's easy man, update your plugin, and check your settings...
Step 2. You will see in your plugin settings that it has a 24 hours expiration date download link in the forwarded email
"WP Secure Links" is WordPress plugin at codecanyon that lets you create a secure link to downloadable files.
http://codecanyon.net/item/wp-secure-links/4418678
http://sixthlife.net/product/wp-secure-links/
for securing the uploads folder needs some good .htaccess work
check the comments section of this, its explained
Still relevant in 2020 so I have written a small plugin that enables secure and temporary downloads in Wordpress:
WP DISPATCHER
It is free and simple. Check it out :)

Joomla 1.6 backend admin area blank

For some reason, when I log into my joomla 1.6 backend, it is now empty, displaying only a logout button. Any Ideas?
I just went through the same problem but on J!1.7.3. There may be many, many reasons but please check using just URL if you can see for example:
[YourDomainHere]/administrator/index.php?option=com_content or
[YourDomainHere]/administrator/index.php?option=com_modules
If content is listing and you're missing just Admin-menu and sub-navigation in back-end --> this means you messed-up with access levels and viewing access.
If you can't see content listing - ignore the rest of this post :-)
...with access levels and viewing access. To check that, try entering [YourDomainHere]/administrator/index.php?option=com_users&view=levels and enter each position in the list. Joomla backend navigation module usually has Access set to Special, so focus on this one. When you enter Special - manager, author and super administrator should be ticked. If everything is empty in any from the list - this is your issue :)
You need to add manager, author and super administrator to your Special access level. Obviously you can't see Save button, so you need to use database. [wrrr :) sounds scary?] Not a big deal, just go there using for example phpMyAdmin and find _viewlevels table. In there just edit Special and add [6,2,8] values to set up manager, author, super.....
Update database. Try to log-in one more time (close browser and clean cache before).
I hope if this wasn't helpful for you, will be for somebody else.
p.s. There may be a way of 'saving' changes in your Joomla access levels with URL. Then you don't need to go to DB .. but I don't know if this is feasible at all :)
Check the rewrite of htaccess and the $mosConfig_absolute_path variable in config.php
Apparently, the Bluestork Template (admin template) has some security issues. In my case there were some missing files in the template folder /administrator/templates/bluestork/ that caused the administrator screen to appear blank. I've copied a clean version of the template in the bluestork folder and after that I was able to see the backend admin area.
I've removed the bluestork templates entirely for now, which seems to be the best option. Joomla installs 2.5.8, 2.5.6, 2.5.2, 1.7.0, 1.6.3 are affected. The Bluestork Template is a target for hacks with old Joomla.
This is happening because the admin user lost his permissions. See the article below to fix this issue
http://www.codentalk.com/joomla-admin-showing-blank-page/
