We got hacked last month by a brute force attack on our FTP password. Once they had that, they got into the Joomla files.
Any site can be hacked. The other half of the equation is vigilance and backups :) Barrie North ~Fully Managed Joomla Sites~ www.simplweb.com/joomla ~Join the Community at compassdesigns.net~ www.compassdesigns.net/join-the-community.html On Wed, Mar 25, 2009 at 11:23 PM, Mark Simko <masi...@verizon.net> wrote: > > Several of my clients' 1.0.15 sites have been hacked this week! Is > there a problem with 1.0? > > I don't see an announcement on joomla.org > > I just saw that my site was hacked the other day. Fortunately they > bunged it up a bit, so the code didn't run, but instead gave an error > message. > > What they had done is append javascript to the index.php file. It was > disguised as ascii codes, and there were several var defined and > substituted in, but the result was that it attempted to open a hidden > iframe directed to siplank.com. When I tried to open siplank.com in a > web browser (yes, I did that! I do lots of crazy things out of > curiosity) Firefox stopped it with a warning about the site being known > for malware. > > I'm running 1.5.9 on a shared host. I will be calling my host and asking > them what they can find out from their logs as to what happened. > > _______________________________________________ > New York PHP SIG: Joomla! Mailing List > http://lists.nyphp.org/mailman/listinfo/joomla > > NYPHPCon 2006 Presentations Online > http://www.nyphpcon.com > > Show Your Participation in New York PHP > http://www.nyphp.org/show_participation.php >
_______________________________________________ New York PHP SIG: Joomla! Mailing List http://lists.nyphp.org/mailman/listinfo/joomla NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
