One of the Joomla sites we host recently fell victim to a hacker attack.
We implemented a couple of simple changes for common hacks and suggest that anyone else hosting a Joomla 1.5 site do the same.
There is a default Super Administrator in Joomla with the User ID of 62. It’s important to block this User ID. You can’t delete it. I’ll cover the way to block it now.
- Log in as a Joomla Super Administrator
- From the Site Menu choose User Manager
- Check the User with the ID of 62
- Click Edit (you cannot delete this user)
- From the Group list choose a lower level Group like Registered (you cannot Block a Super Administrator, so you must demote them first)
- Click Apply
- Now select the Block User – Yes radio option
- Click Save
Your User ID 62 user is now blocked and this hack cannot be exploited anymore.
There are two important files, and in this case one of them was changed by the hacker. These are the index.php and index2.php files. It is a good idea to change both of these to read-only rather than writable. You will need access to the root folder of the website, as this is done through file management rather than the Joomla interface. Let’s see how to fix that.
1. Access the root folder of your website.
2. Right click on the file named index.php and choose Properties.
3. Check Read Only
4. Click OK
5. Repeat steps 2 through 4 for the file named index2.php
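The read-only change can also be scripted and re-checked later. This is an added example, not part of the original post: it clears the write bits on index.php and index2.php and, going one step beyond the steps above, records a SHA-256 baseline so a later audit reports a file that was made writable again or altered. The function names and the demo directory are assumptions of the example.

```python
import hashlib
import os
import stat
import tempfile

# The two entry-point files the article says to protect.
PROTECTED = ("index.php", "index2.php")
WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH

def sha256_of(path):
    """Return the SHA-256 hex digest of a file's contents."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def make_read_only(site_root, names=PROTECTED):
    """Clear every write bit on each file; return {name: sha256} as a baseline."""
    baseline = {}
    for name in names:
        path = os.path.join(site_root, name)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        os.chmod(path, mode & ~WRITE_BITS)
        baseline[name] = sha256_of(path)
    return baseline

def audit(site_root, baseline):
    """Return findings for files that are missing, writable again, or changed."""
    findings = []
    for name, digest in baseline.items():
        path = os.path.join(site_root, name)
        if not os.path.isfile(path):
            findings.append((name, "missing"))
            continue
        if os.stat(path).st_mode & WRITE_BITS:
            findings.append((name, "writable"))
        if sha256_of(path) != digest:
            findings.append((name, "content changed"))
    return findings

if __name__ == "__main__":
    # Constructed demo: a throwaway directory stands in for the site root.
    with tempfile.TemporaryDirectory() as root:
        for name in PROTECTED:
            with open(os.path.join(root, name), "w") as fh:
                fh.write("<?php // constructed placeholder ?>\n")
        base = make_read_only(root)
        print(audit(root, base))  # no findings right after hardening
```

Store the baseline somewhere the web server account cannot write, and run `audit` on a schedule against the real site root.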
This is certainly not a complete solution to the hacking problem, but these changes will deter some of the more common attacks on your Joomla website, and we recommend that all Joomla website administrators implement them immediately.