Tutorial - Joomla 1.5 -Prevent and Recover from a site hack | Sarasota Marketing, SEO, Copywriting | Evil Genius TV

Tutorial: Joomla 1.5 -Prevent and Recover from a site hack

Filed in Blog,Tech & Tutorials, Video on Oct.21, 2008

One of my sites was recently hacked by some dildo. I was running Joomla 1.5 and they broke into the admin account with a known exploit. This video shows you how you can prevent it to start with and how to reset your admin password to get back into your site.

The Camtasia section of this video is pretty blurry so you can’t read the text too well, but I walk you through what you need to do and you can see what I am doing well enough. I wanted to get this up ASAP on the off chance that I can help anybody from having to deal with the same crap I am….and I didn’t want to spend forever blurring out all my information

So the takeaway?

1. Make sure you upgrade to Joomla 1.5.7 or later if you are running an old version of 1.5

2. Make sure to change the username of the default admin account.

Tags: 1.5, administrator, exploit, hack, hacked, jj kennedy, joomla, password, prevent, recovery, tutorial, Video

Print This Post

18 Responses to “Tutorial: Joomla 1.5 -Prevent and Recover from a site hack”

Balt Says:
October 26th, 2008 at 7:51 am
I just want to thank you for the video on securing a Joomla site. I got hacked this weekend and yes it feels pretty shit.

Thanks for your help. I was able to secure my site in minutes.

Regards

Balt
admin Says:
October 28th, 2008 at 3:41 pm
No problem. Let me know if there is anything else I can do to help out. I finally got mine back up after a few days (mostly due to screw ups on my end) so I understand the frustration :o)

JJ
Erik Says:
November 22nd, 2008 at 6:52 am
My site was hacked just like this, twice in the same week. This helped alot, but now I’m stuck trying to change everything back to the way it was. Very much a novice..you have a tut up yet about how to recover?
Thanks
Erik
admin Says:
November 22nd, 2008 at 10:15 am
Sucks dont it I am by no means an expert in this, but here is what I did. There seems to be a lot of demand for help here, so maybe I’ll try to throw together a tutorial soon.

If you don’t have a backup of your site (which you really should) call your ISP. They usually keep monthly backups of all sites. They can send you the most recent copy of your domain files. They will usually just throw them in a big ass zip file on your server.

(This does not help if your database is corrupted, but in my experience, hackers usually only mess with the site files)

Then do this:

1. FTP over all the hacked files onto your pc and put them in a folder called JustInCaseBackup.
2. FTP over the back up files your ISP gave you to your local pc, unzip, and put them in a folder called SiteBackup.
3. Upload and replace all the files your ISP gave you to your hacked site. ALL of them. Replace Everything.
4. With luck, you should be good to go. You might need to reinstall a few plugins.
5. If something is not working, go into your JustInCaseBackup directory and try uploading ONE FILE AT A TIME whichever file is not working anymore. Rename whatever file on your sever to “whateverfile_old.php” first. Make sure to do just one at a time. If it does not work, delete the new file and rename “whateverfile_olf.php” back to it’s original name.

Once you are back and going, make sure to install some backup plugin. I am very happy with WP DB Backup which you can find free on the web.
admin Says:
November 22nd, 2008 at 10:47 am
Sorry. I gave the wrong backup program. The one for Joomla is Joomla Pack. The one I use for wordpress is WP DB Backup
hacked dude Says:
December 3rd, 2008 at 5:34 pm
Thank you for your instructions it helped a lot. Just got hacked and it feels shity.
Sincerely
Marko
Korin Neko Says:
December 17th, 2008 at 12:57 pm
Thank you sooooooo much. Solved my problem with some little **&%$% who hacked our site.
Nice one.
Korin
mike Says:
January 21st, 2009 at 2:42 pm
These patches may help for a bit but eventually the hackers find other exploits. I used to have a joomla site but after following all the steps and still getting hacked I just gave up and custom built my site. I simply don’t have the time to read the joomla security forums every day and stay on top of this stuff.
admin Says:
January 21st, 2009 at 2:57 pm
Agreed. A skilled and determined hacker will always be able to find some exploit. No reason to give up though! Don’t let the terrorists win
Kevin Says:
March 9th, 2009 at 1:34 pm
Hi JJ,

I found you through your Youtube site. I have a few questions for you since you sound like an expert in using Joomla!. I’m extremely green to Joomla with no coding experience whatsoever but I want to site up a small site with video on it. I have been playing around with Joomla and have come to a point where I can use what I have with minor changes to their existing templates that come with the installation. The problem is two of the templates, you can’t change anything and the Beez one with minor flexibility.

My questions are: 1) how do I change the header bg color or put in my own pictures (I have tried to figured this out for the last 3 wks without any successes), 2) how do I change the identity logo on the web browser each time it loads up my site (you know the logo that shows up next to your site’s ulr), and 3) how do I change or get rid of the CSS and XML logo at the very bottom of the template (these logos are located at the footer but can’t change it there. It takes you to the site where it explains about the standard codes.).

You help will be much appreciated.

Regards,
Kevin
admin Says:
March 9th, 2009 at 1:36 pm
Hey Kevin,

I’m gonna post this and my response to the blog if you don’t mind. Might help some other people out too.

My first recommendation is to actually loose Joomla! It’s designed to be a system to allow multiple content creators, and is probably a lot more complicated and robust than you need. Especially if you are not that strong with coding.

I would recommend wordpress. If you have a decent understanding of the basic workings of Joomla, wordpress wont be too much of a switch to figure out.

Wordpress also has about a million times more people using it. As a result, there are WAAAAY more templates to choose from, and way more tutorials (especially geared at noobs) on how to do stuff.

If you switch over and still have difficulties getting stuff setup, and cant find any solutions, drop me a line and I will see what I can do to help.

But remember, I’m a marketing guy who knows a bit a bout tech, not a tech guy who knows a little about marketing. I may be a few steps ahead of you, but I’m a few thousand laps behind the real experts.

JJ
risvile Says:
March 31st, 2009 at 12:37 pm
Awesome tutorial, Thanks

but i was wondering about the part of music used at the beginning and the end of this video, I kinda like it too much to get it out of my head.
so, can you help me out and tell me where do i find/get that music please!?
admin Says:
March 31st, 2009 at 1:37 pm
glad you liked it.

The song is Spitfire by Prodigy
sieve Says:
April 28th, 2009 at 10:27 pm
thanks for the video - i’d add a couple things:

1) While in cPanel, change your FTP password, especially if you had it hardcoded in Joomla’s admin. interface. If they hacked your DB and gained admin access, your FTP info is right there for the taking.

2) Also, while there, create another mysql username and password and add the new user to the database. Delete the current user. Again, if they hacked the admin, they’d have access to that info as well.

3) If you’ve added SMTP creds to the mailer setup, change those at your mail provider, or your mail account is vulnerable.

Compared to the joomla admin credentials, if they have your FTP and actual mysql creds, you’ll never keep them out.

Can’t stress enough the importance of keeping the Joomla version current.

One really helpful tool is a script I use that actually checks the content and emails/txts if specific words don’t show up on my homepage. That way I can tell within two minutes if it’s been defaced. Often times, being able to respond right away can help minimize the damage, but as you mentioned, it’s still a major pain in the neck…..
sieve Says:
April 28th, 2009 at 10:29 pm
dog…forgot to mention with #2 above, that you need to update configuration.php with the new mysql username/pw.

can you edit that in?
Chase Says:
July 7th, 2009 at 3:00 am
hi there! i just want to ask this, i currently using joomla 1.5.9, and now they have joomla 1.5.11. i want to upgrade my site, but if i do will i lose all my contents? thanks..
Prospect Says:
August 19th, 2009 at 1:31 am
Hey i would suggest just make a custom m5 ” Encrypter with a salt and not use http://www.md5encryptor.com , reason(s) why is look how quick and easy it is to find out the hash from this site.http://passcracking.com/index.php

which i keep indexed cause i want to know how weak my hash is or for my clients (obviously without a salt).

http://www.md5encrypter.com
vs
http://passcracking.com

if you don’t believe me , you can always try it.
Brent Says:
September 9th, 2009 at 8:05 am
Thanks alot!!! If I could get my hands on one of those hackers…
Anonymous Says:
at