Increase in Joomla Hack Activity in 2013


Recommended Posts

Hi Folks,


I'm sharing my experiences in hope that it will help another HawkHost user and save them a  lot of time and worry.


I have had 4 different Joomla 1.5 sites attacked since January, all with variations of the same hack.


According the the Joomla community there has been a spike in these 'Hmei7' attacks since January. I found some info here that might be helpful to others with the same problem:


There is info here on how to start the clean up:

Also, once it is cleared up and Joomla updated to 1.5.26 (for those running 1.5) there are three extensions that are useful and cost effective:

JHackGuard (free): protects against common hack attempts.

AdminToolsPro (small subscription required): adds a firewall and automatically blocks IPs etc.

JSecure Lite (free): changes the default Admin login page to something of your choice:

The last one is particularly useful as after installing AdminToolsPro and setting it up to notify me with failed Admin logins I could see that some sites were getting hammered with password guessing scripts. This dealt with that problem immediately.


Hope this helps someone.




Link to comment
Share on other sites

This is some excellent advice.  We see a lot of compromised accounts and lately it's been a lot of Joomla all running versions that are years old.  We try to block a lot of malicious requests every day but mod_security only goes so far without preventing a lot of users from accessing their sites.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.