Hello Barrie,

May I inquire as to how you verified the attack? I know that FTP bruteforcing is extremely difficult, and that is very improbable. What you may have faced was a dictionary attack, which may have worked with some luck if you had a weak password. With a password including a mix of

1) UPPERCASE
2) lowercase
3) punctuation/!#$.,
4) numbers

and a good strong/long password, you would never fall victim to a dictionary attack. As for bruteforce, an ftpd simply denies access after 3 or 5 (configurable, usually defaults to 3) failed login attempts for some time. Some hosts go as far as restricting FTP access until you call them and verify the problem. Also, brute forcing a slow protocol such as FTP over a TCP pipe is virtually impossible. At this rate it would take YEARS to bruteforce the password, if not DECADES.

@ Other users

Also make sure to go into the Joomla user configuration and change the username of 'admin' to something else.

To protect your Joomla administration section: if you have a static IP, you can add

    order allow,deny
    deny from all
    allow from your.static.ip.here

to a file called .htaccess in your administration folder. If for some reason your IP changes and you get locked out, simply login via FTP and update the .htaccess file. There are some other advanced methods for protecting your administration folder.

Also, FTP was a protocol developed 30+ years ago. It is not secure: clear text authentication, etc. FTP must go. If you can help it, do not use FTP; use SFTP or SSH instead. Just.. anything but FTP. Sadly, that's all that is easy to use and highly available across all hosts, and not everyone on shared hosting provides SSH access. If you can do without it, do without it.

http://wooledge.org/mywiki/FtpMustDie

I have seen more sites hacked due to unpatched PHP or bad PHP code (mostly from 3rd party addons) than I have with FTP though. Still, with good security practices you can reduce the risk considerably.

Peace.

2009/3/26 Barrie North <bar...@compassdesigns.net>:
> We got hacked last month by a brute force attack on our FTP password. Once
> they had that, they got into the Joomla files.
>
> Any site can be hacked. The other half of the equation is vigilance and
> backups :)
>
> Barrie North
> ~Fully Managed Joomla Sites~
> www.simplweb.com/joomla
> ~Join the Community at compassdesigns.net~
> www.compassdesigns.net/join-the-community.html
>
>
> On Wed, Mar 25, 2009 at 11:23 PM, Mark Simko <masi...@verizon.net> wrote:
>>
>> Several of my clients' 1.0.15 sites have been hacked this week! Is
>> there a problem with 1.0?
>>
>> I don't see an announcement on joomla.org
>>
>> I just saw that my site was hacked the other day. Fortunately they
>> bunged it up a bit, so the code didn't run, but instead gave an error
>> message.
>>
>> What they had done is append javascript to the index.php file. It was
>> disguised as ascii codes, and there were several var defined and
>> substituted in, but the result was that it attempted to open a hidden
>> iframe directed to siplank.com. When I tried to open siplank.com in a
>> web browser (yes, I did that! I do lots of crazy things out of
>> curiosity) Firefox stopped it with a warning about the site being known
>> for malware.
>>
>> I'm running 1.5.9 on a shared host. I will be calling my host and asking
>> them what they can find out from their logs as to what happened.
>>
>> _______________________________________________
>> New York PHP SIG: Joomla! Mailing List
>> http://lists.nyphp.org/mailman/listinfo/joomla
>>
>> NYPHPCon 2006 Presentations Online
>> http://www.nyphpcon.com
>>
>> Show Your Participation in New York PHP
>> http://www.nyphp.org/show_participation.php
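The injection Mark describes (JavaScript appended to index.php, hidden as ASCII codes and rebuilt from several vars into a hidden iframe) can be checked for with a small file scanner. The following is an added example, not code from the thread; the sample file content and its domain are constructed placeholders, and it assumes the decoded fragments are concatenated in source order.

```python
import re

# Patterns for the injection described in the thread: a script appended to
# index.php whose payload is hidden as ASCII codes and rebuilt into an iframe.
SCRIPT_BLOCK = re.compile(r"<script[^>]*>(.*?)</script>", re.I | re.S)
FROM_CHAR_CODE = re.compile(r"fromCharCode\s*\(\s*([\d\s,]+)\)")
HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")
IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.I)
HIDDEN = re.compile(r"width\s*=\s*[\"']?0\b|height\s*=\s*[\"']?0\b"
                    r"|display\s*:\s*none|visibility\s*:\s*hidden", re.I)
SRC_ATTR = re.compile(r"src\s*=\s*[\"']?([^\"'\s>]+)", re.I)


def decode_script(js):
    """Return the script text with every String.fromCharCode(...) list and
    \\xNN-escaped string decoded and appended, so an iframe split across
    several vars (assumed concatenated in source order) appears whole."""
    parts = [js]
    for m in FROM_CHAR_CODE.finditer(js):
        parts.append("".join(chr(int(c)) for c in re.findall(r"\d+", m.group(1))))
    if HEX_ESCAPE.search(js):
        parts.append(HEX_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), js))
    return "".join(parts)


def find_hidden_iframes(php_source):
    """Return the src of every zero-size or display:none iframe found in,
    or decoded from, the <script> blocks of a PHP file's text."""
    hits = []
    for block in SCRIPT_BLOCK.findall(php_source):
        for tag in IFRAME_TAG.findall(decode_script(block)):
            if HIDDEN.search(tag):
                src = SRC_ATTR.search(tag)
                hits.append(src.group(1) if src else "<no src>")
    return hits


def _as_char_codes(text):
    """Build a String.fromCharCode(...) call; used only to construct the sample."""
    return "String.fromCharCode(" + ",".join(str(ord(c)) for c in text) + ")"


# Constructed sample, not a real capture: an index.php tail with the injected
# script split across two vars. The domain is a placeholder.
SAMPLE_INFECTED = ("<?php\n// legitimate index.php content\n?>\n<script>var a="
                   + _as_char_codes('<iframe src="http://malware.example/x"')
                   + ";var b=" + _as_char_codes(" width=0 height=0></iframe>")
                   + ";document.write(a+b);</script>\n")
SAMPLE_CLEAN = "<?php\n?>\n<script>var c=String.fromCharCode(72,105);</script>\n"
```

Run find_hidden_iframes() over the text of each index.php on a host; a non-empty result is a file to restore from a known-good backup and a lead for the host's logs.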