If you would like to confirm if your account with Joomla get hacked, the most important thing that you must check is the raw access data that is present in the forum of web logs. You can try searching them for suspicious client requests .
such as: 192.168.0.1 – – [17/may/2009:06:07:30 -0500] "GET /index.php?live_site=domain.com/1.txt?? HTTP/1.1" 200 10864 "-" "Firefox"
It is not very easy to find out the traces of the web attack; however this can be detected with some blogs. This task may need an advanced developer and a lot of time will be taken by it. There are other logs such as FTP logs, error_logs can give you a small idea if there was an access for specific configuration file/folder and if it caused any errors. That’s why you should know the most common reasons for a Joomla to be compromised.
#1. If your website with the core Joomla installation gets out dated. The previous verions have serious security issues. You can easily check your hosted Joomla version just with few steps by logging in to your admin panel. There your current Joomla version will be specified that will provide with the complete details. In case your version is not the latest, you can follow this tutorial: How to upgrade Joomla
#2. Additionally installed components / modules are outdated : Moreover the installed components are commonly used but most of them get neglected. It is essential to keep a complete track on all the extra components / modules and make sure they are up to date. A user can also check the addon’s homepage for information about recent security issues and upgrade instructions.
#3. Open security holes with common misconfiguration : The Register_globals variables can be turned on in PHP’s configuration for the security measures. If it’s turned on the directive allows easy variable poisoning then later it make sure to turn it off.
1) allow_url_include turned on in PHP’s configuration – If its turned on, this will allows a remote code to be included in your scripts so make sure to turn it off any way.
2) using the default table prefix _jos – This opens the door for all hackers for injecting infected code in MySQL injections, a user can easily change the table prefix to something harder using this component. So that the injection will not able to get into the other website code.
3) RG_EMULATION turned on in Joomla 1.0.* – This directive emulates the register_globals locally, this could be a dangerous option to the website owner, if the directive is enabled, you will see a warning right after you log in to your Joomla admin panel you can switch it off by adding somewhere in the middle of the configuration.php file.
if(!defined(‘RG_EMULATION’)) { define( ‘RG_EMULATION’, 0 ); }
