FlashLight Posted March 1, 2013 Report Share Posted March 1, 2013 Hi Folks, I'm sharing my experiences in hope that it will help another HawkHost user and save them a lot of time and worry. I have had 4 different Joomla 1.5 sites attacked since January, all with variations of the same hack. According the the Joomla community there has been a spike in these 'Hmei7' attacks since January. I found some info here that might be helpful to others with the same problem: There is info here on how to start the clean up:http://www.joshpate.com/2013/01/how-to-fix-hacked-by-hmei7-on-joomla-web-site/ http://blog.cripperz.sg/2013/01/12/how-to-fix-hacked-by-hmei7%E2%80%B3-on-joomla-web-site/ Also, once it is cleared up and Joomla updated to 1.5.26 (for those running 1.5) there are three extensions that are useful and cost effective: JHackGuard (free): protects against common hack attempts.http://extensions.joomla.org/extensions/access-a-security/site-security/site-protection/13233 AdminToolsPro (small subscription required): adds a firewall and automatically blocks IPs etc.https://www.akeebabackup.com/products/admin-tools.html JSecure Lite (free): changes the default Admin login page to something of your choice:http://extensions.joomla.org/extensions/access-a-security/site-security/login-protection/23080 The last one is particularly useful as after installing AdminToolsPro and setting it up to notify me with failed Admin logins I could see that some sites were getting hammered with password guessing scripts. This dealt with that problem immediately. Hope this helps someone. Thanks. Andy Appaliafat, Appawlclopy and Patriflok 3 Quote Link to comment Share on other sites More sharing options...
Tony Posted March 3, 2013 Report Share Posted March 3, 2013 This is some excellent advice. We see a lot of compromised accounts and lately it's been a lot of Joomla all running versions that are years old. We try to block a lot of malicious requests every day but mod_security only goes so far without preventing a lot of users from accessing their sites. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.