It takes a lot to surprise us, here at Media Street, so we were extremely impressed, embarrassed and interested when the site got hacked on Monday the 18/01/2010 at 16:40.
To most people and companies, this could have been a scary experience and a costly mistake. However, luckily, we were prepared and with in minutes of the attempted 'hack' we had repaired the site and stopped the culprit. However, it was not to be laughed at. Instead we must learn from it.
Luckily the site is updated weekly with additional security fixes releases by the Joomla! team and customer details are highly protected so in the case of a hack it's almost impossible to access these important files. But still someone was able to alter our settings and exposed a (somewhat minor) weakness of the site's setup, being able to edit one line of code which resulted in our homepage going down for approximately 3 minutes.
So what Happened then?
16:40 : Automatic email sent to our This e-mail address is being protected from spambots. You need JavaScript enabled to view it warning us of a suspicious IP accessing restricted files
16:41: Email sent to administrator notifying of password change
16:42: Administrator visits site to find out what's going on and finds the homepage down from a permissions error.
16:43: Homepage re-instated via FTP and website placed active
16:44 - 16:55: Site tested and Log Files read. Incident investigated and culprit IP address logged.
Was it Serious?
Short answer: No
The incident was minor and really done with no real aim but to cause inconvenience to the website administrator. No data files with our website content or user content was accessed, illegally obtained or leaked. When the new password was accessed a code was requested and sent to the Administrator meaning that the account could only be reset by himself (16:41).
So Why did it Happen?
Being able to hack a website is a challenge and with programs such as Wordpress, Joomla! and Drupal all being released under public licenses it means that anyone can read the code and load/exploit weaknesses.
In reality trying to access any of these sites is actually a hard battle, however, some people can access basic settings and cause disruption if experienced. This 'hacking' can normally be reversed and fixed by:
1) Inspecting your index file and looking for changes
2) Checking your raw log files which will have tracked and recorded movements and errors.
3) Backing up your site frequently
4) Changing your websites theme/template and seeing if the error continues.
Add comment