Dealing with Hacked Websites

Simply put, hackers suck. Over the past six to eight months, I’ve had to deal with the hacking of many former (and a few current) client websites. All but one of the exploits came through older versions of Joomla, the exception being an older WordPress site. Version 1.0 of Joomla is ancient by Internet terms, and there were several security exploits discovered with it. Add to this that there are often third-party extensions with additional exploit possibilities. This environment makes it so any jackass who can write a script that searches source code on pages for specific components or Joomla references can then upload files to your server. Ugly. Really ugly.

The compromised websites in all cases continued to function, at least somewhat. One hacker injected a file into the site that would in turn alter the .htaccess file, adding mod_rewrite rules that would redirect anyone coming from Facebook, Google and just about any other search engine or social networking site. If one were to type the URL in directly, nothing happened. No URLs in the search engines were altered either; the redirects in the .htaccess file hijacked only people who had headers from one of these sources. A couple of sites had files that were posting text on pages and adding new links. One hack destroyed the ability to use the administrator section of Joomla, causing a 500 error upon login.
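A check for the referrer-conditioned redirect described above, as an added example that is not part of the original post: it flags any `RewriteRule` that sends visitors matched by an `HTTP_REFERER` condition to a host other than your own. The function name, the keyword list, and the sample file are constructed for illustration.

```python
import re

# Referrer keywords: the two sites named in the post plus a few assumed extras.
REFERRER_HINTS = ("google", "facebook", "bing", "yahoo", "twitter")

COND_RE = re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)", re.I)
RULE_RE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)
HOST_RE = re.compile(r"https?://([^/:]+)", re.I)


def find_referrer_redirects(htaccess_text, own_host):
    """Return (line_no, target, hints) for each RewriteRule that redirects
    referrer-matched visitors to a host other than own_host."""
    findings = []
    pending = set()  # referrer hints from RewriteCond lines awaiting a rule
    for line_no, line in enumerate(htaccess_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        cond = COND_RE.match(line)
        if cond:
            pattern = cond.group(1).lower()
            pending.update(h for h in REFERRER_HINTS if h in pattern)
            continue
        rule = RULE_RE.match(line)
        if rule:
            target = rule.group(1)
            host = HOST_RE.match(target)
            if pending and host and host.group(1).lower() != own_host.lower():
                findings.append((line_no, target, sorted(pending)))
            pending = set()  # conditions only apply to the next RewriteRule
    return findings


# Constructed sample: one injected rule set and one legitimate canonical rule.
SAMPLE = r"""RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*facebook.* [NC]
RewriteRule ^(.*)$ http://redirect-target.invalid/in.php [R=301,L]
# legitimate canonical-host rule
RewriteCond %{HTTP_HOST} ^example\.org$ [NC]
RewriteRule ^(.*)$ http://www.example.org/$1 [R=301,L]
"""

if __name__ == "__main__":
    for line_no, target, hints in find_referrer_redirects(SAMPLE, "www.example.org"):
        print(f"line {line_no}: referrer {hints} -> {target}")
```

Because direct visits are untouched by these rules, inspecting the file itself is more reliable than loading the site in a browser.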

