I have come to the conclusion that the exploit used to hack into my system was most likely due to the Joomla version I was using, i.e. version 3.3.5. This version has known security issues. This is also my first attempt at building a website with Joomla and Rockettheme templates. I still have a lot more to learn about Joomla, PHP programming, etc.
Since then, I have restored and updated my site so that it is now running Joomla version 3.4.4. Unfortunately, version 3.3.5 was not a version that could be updated with the normal update process. My first attempt to update (using Extension Manager) failed and deleted some essential directories which blocked me from logging into the Joomla admin/backend (did not even get the login screen; only white screen of death). I identified the missing folders, and copied over these folders from another implementation of 3.3.5. What finally worked for me was unzipping a 3.3.6 patch version and copying it to the tmp folder of the website and using Extension Manager to install from that directory. Subsequently, I updated 3.3.6 with 3.4.4. I did all this on a test server on my local network, and once all updates were successful, I copied the entire website back to the production server (after deleting the complete hacked version of the website).
Lessons learned:
1) Always update to the latest Joomla version.
2) Monitor Joomla.org or other sites for security notifications regarding website security vulnerabilities and updates.
3) Back up the website every time you make changes to it.
4) Take additional steps to protect your website (as appropriate). Learn as much as you can about website security.
I'm still working on #4. I am looking into software that can be used to scan for changes (made by someone other than me), and ways to make backups a bit easier. One thing I'm beginning to do is block IP address ranges from countries that are the greatest source of hacking attempts. The access history (and other clues) indicated the exploit originated from Algeria. Now, no one located in Algeria gets to access my website. I am also seeing accesses from Russia, Ukraine, and China. I am considering blocking these countries as well. I am just building my website as a hobby, and to display my photos (mainly to family and friends). I'm not trying to sell anything, and don't need the "MASTER OF SADNESS" to screw up my day.