SECURITY ALERT: Website Defacement on Joomla - Powered by Kayako Help Desk Software

Knowledgebase

(24)WHM (41)cPanel (30)Plesk (30)CentOS Linux Server (5)Windows Server (8)Cloud (11)Wordpress Hosting (186)MANUALS / GUIDES (26)Applications (42)CMS (Content Management System ) (110)Control Panel (35)Database (46)Dedicated Servers (24)Domain Name (16)Domain Name Server (DNS) (6)Downloads / Tools (6)Email Blasting (International) (130)Email Hosting (4)FAQ for ex-SmarterTeam customers (3)Google Apps (5)Network (5)Reseller Tips (2)FAQ for IPxCess (164)Security (106)Shared Hosting (5)SSL (2)Video Guide (2)VPN (Virtual Private Network) (9)Webserver

Knowledgebase: MANUALS / GUIDES

SECURITY ALERT: Website Defacement on Joomla

Posted by on 02 May 2012 12:24 PM

ATTENTION: All Joomla website owners/administrators

Our Security team received a number of alerts about website defacement on Joomla websites.

Therefore, we would like to propose you some precautions to take in order to prevent website defacement:

1) Update your Joomla components from time to time.
2) Do not install older Joomla themes/components/addons on newer a Joomla version. Although the Joomla system is allow to do so we do not recommend such installations (e.g you have Joomla 2.5 but install a Joomla component for version 2.3).
3) Remove or Delete any unused Joomla components or add-ons.
4) Change the Joomla default administrator username with another username. Default username: "admin".
5) Change your Joomla administrator password on periodic basis. Recommended: once every month.
6) Make sure all the File permissions are correct. File's Permission: 644 while Folder's permission: 755. As for "Configuration.php" file, change permission to 444.
7) Back up your Joomla on periodic basis. Recommended: at least once every month.

If you experience any issues, feel free to get back to us.
Thank you.