Does anybody have any ideas how I can stop a website from being hacked? It seems that every man and his mother can walk onto the webspace and drop whatever they want on me! The latest was somebody who decided to rip an Italian DVD onto the space and leave it for all his wee friends to come along and upload.
Once I pointed out to my hosting company that I have no interest in Italian DVDs, they promptly removed it and advised how the site was hacked.
Looks like someone was able to inject a shell through the 'error' variable, but for the life of me I do not know how I'm supposed to lock "errors.php" down to stop any more intruders... or which errors.php for that matter!
My php.ini file is looking like this at the moment...
; each directive appears once; when a key is repeated in php.ini the last value wins
memory_limit = 32M
; was misspelled "max_exectution_time", which PHP silently ignores as an unknown directive
max_execution_time = 3600
allow_url_fopen = Off
register_globals = Off
disable_functions = show_source, system, shell_exec, passthru, exec, phpinfo, popen, proc_open
magic_quotes_gpc = On
safe_mode = On
Can anybody offer any guidance as to what else I can add to php.ini or how I can lock down errors.php so that nobody else can walk onto this webspace and leave their rubbish behind?
The website is built around the Bentobox template on Joomla 1.0.15, with JCE and Xplorer as the only obvious additions.
My host is monitoring the site for me but I'd rather just lock everything down and not have to worry about it!
I can honestly tell you that this isn't a template issue but an issue with Joomla, and more so the configuration which your hosting provider has for PHP.
I'm a rookie when it comes to PHP, but I can say check that your hosting provider is running PHP5, and also check that your site meets Joomla's guidelines for the optimum PHP settings.
You'll probably get some far better advice if you asked this question in the www.joomla.org forum, as there are probably others who have had this same problem.
Sorry for not replying earlier - for some reason I didn't get notified that anybody had replied to my post.
My hoster is running PHP5 and it complies nicely with Joomla expectations...however the php.ini is standard as in it's blank!
The php.ini file I'm now using is from the link that Mike provided... like him, I ended up there the first time I was hacked! Reading through that section, it's a real eye-opener to the things I was NOT doing after I had installed Joomla, be it from a clean install or from a Rocketlauncher install. I would recommend any Joomla user go there and check it out!
The php.ini I have looks pretty sound to me but I'm no expert!! I was told that the latest hack was via "errors.php" and I have no idea if that is something I can lock down with php.ini or is it something more involved that I need to look into.
Of course I could go to Joomla.org and ask this question...but I'm asking here because the solution to my problem may help other users of RocketTheme who get hacked...or who want to avoid that wee bit of pleasure!
I'm going to go over to the Joomla security link again to see if I've missed anything but if anybody knows anything about locking down errors.php please let me know!
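An added example for the errors.php question, not code from this thread, from Joomla or from RocketTheme. The thread does not say what errors.php does with the 'error' value, so this assumes the common pattern of a page that takes an error name from the request and renders a message for it, and shows the defensive shape such a page should have: the request value is matched against an allowlist and is never used as a file path or echoed raw. The error keys and messages are constructed for the example.

```php
<?php
// Added example (not Joomla or RocketTheme code). Assumes errors.php
// receives an error name in $_GET['error'] and renders a message for it.
declare(strict_types=1);

// Allowlist: the only error names this page knows. Anything else is rejected.
// Keys and messages are constructed for this example.
const KNOWN_ERRORS = [
    '403' => 'You are not allowed to view this page.',
    '404' => 'The page you asked for does not exist.',
    '500' => 'Something went wrong on the server.',
];

/**
 * Map an untrusted request value to one of the known error keys.
 * Returns the key on success, or null for anything not in the allowlist,
 * so the raw request value is never used to build an include path,
 * a file name or output. Never do include($_GET['error'] . '.php').
 */
function resolve_error(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    // Exact shape check first: three digits, nothing else (no "../", no URLs).
    if (!preg_match('/\A[0-9]{3}\z/', $raw)) {
        return null;
    }
    return array_key_exists($raw, KNOWN_ERRORS) ? $raw : null;
}

/** Render the message for a request value, falling back to the 404 text. */
function render_error(?string $raw): string
{
    $key = resolve_error($raw) ?? '404';
    // Escape on output even though the text is our own, so the habit holds
    // if someone later adds a message that contains request data.
    return htmlspecialchars(KNOWN_ERRORS[$key], ENT_QUOTES, 'UTF-8');
}

echo render_error($_GET['error'] ?? null);
```

This complements the php.ini settings earlier in the thread rather than replacing them; on PHP 5.2 and later, allow_url_include = Off is the directive that specifically blocks remote files from being pulled in by include/require.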