One of my joomla webpages has been hacked. Please help.

Alister alister.ware at ntlworld.com
Sat Sep 22 07:10:28 EDT 2012


On Sat, 22 Sep 2012 18:07:32 +1000, Chris Angelico wrote:

> On Sat, Sep 22, 2012 at 5:13 PM, Νίκος Γκρεεκ <nikos.gr33k at gmail.com>
> wrote:
>> The web host company pulled a previous backup and now it's all good.
>>
>> My apologies for the annoyance I have caused you; all I wanted was some
>> insight so as to make sure this won't happen again (it already happened 2
>> times by now).
> 
> Just read those two sentences together, and figure out whether it really
> is "all good". What's happened twice can happen again.
> 
> ChrisA

Indeed, I would take this site down immediately until you can work out the
insecurity in your application.

Without knowing too much, I would suggest checking the following:

Rule 1) Use a strong password for the framework administration.

Rule 2) Validate all inputs

Rule 3) Do not give your application any more access privileges to your
database than absolutely necessary.

Rule 4) Ensure any data files containing passwords (hashed or otherwise)
are stored outside the web root.

Rule 5) Validate ALL Inputs

Rule 6) There is no rule 6

Rule 7) Use prepared statements for database queries, do not construct
them on the fly from user input (Google SQL injection)

Rule 8) VALIDATE ALL INPUTS!

(Acknowledgement to 'The Bruces')


-- 
My life is a patio of fun!
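
Rules 2 and 7 from the message above, as an added example that is not part of the original post: the same lookup written with a query built from user input and with a prepared (parameterized) statement, plus an allow-list input check. It uses Python's standard `sqlite3` module so it runs offline; the table, column and function names and the sample rows are constructed for illustration.

```python
import re
import sqlite3

# Hypothetical schema and constructed sample rows, for illustration only.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.org"), ("bob", "bob@example.org")],
    )
    return conn

# Allow-list: state what a valid value looks like and reject everything else.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def validate_username(value):
    """Rules 2, 5 and 8: validate the input before it is used anywhere."""
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError("invalid username")
    return value

def lookup_concatenated(conn, name):
    """What Rule 7 warns against: the SQL text itself is built from input."""
    sql = "SELECT name, email FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()

def lookup_prepared(conn, name):
    """Rule 7: the SQL text is fixed and the value is bound as a parameter."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    # Concatenated: the quote ends the string literal, so the WHERE clause
    # changes meaning and rows for other users come back.
    print("concatenated:", lookup_concatenated(conn, crafted))
    # Prepared: the whole string is compared as a name, and nothing matches.
    print("prepared:    ", lookup_prepared(conn, crafted))
    try:
        validate_username(crafted)
    except ValueError as exc:
        print("validation:  ", exc)
```

Validation and prepared statements are complementary: the bound parameter keeps input out of the SQL text even when a validation rule is too loose, and validation keeps malformed values out of the rest of the application.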


