Joomla Security Tips (6)

Brute-force attacks on Joomla sites are common these days. The reality website owners must face is that hackers are in control of large farms of hacked computers. These computers can be used to coordinate massive brute-force attacks on a website.

As a website owner, in fact I'm hosting several sites, I'm constantly getting these types of attacks on my servers. In this post, I look at a few ways to reduce the chance that someone gains unlawful access to your Joomla websites by way of brute-force attacks.

About a week ago, I received an email from an anonymous hacker. He had sent the same email to around 350 people in the Joomla community. They were all registered in the same affiliate system for a well-known software developer, and attached to the email was an Excel sheet with all of their contact info and user names. The hacker said he had extracted the info from an insecure system and offered "security services" to protect from similar hacks.

Apparently, people had been talking about this for a couple of days already on Twitter. Still, I wanted to check a little more what this guy was after.

The other day, I got an email from a reader about a problem with content in Joomla articles (more about that in another post). In the email, he mentioned he was using Joomla 1.5.20 (at the moment, 1.5.25 is the current version).

So, the first thing I told him was to upgrade his Joomla site to the latest version. At first, he hestitated. It's too hard! But after a few words of caution, he came around and changed his mind. And I think you should, too.

Crashed hard diskBefore Christmas, I experienced the nightmare of all webmasters. A hard disk on one of my servers went bad and I was unable to mount it.

- Oh well, I thought, that's not a big problem. I have a nightly backup.

When I called the hosting company - I was confident I had a couple of hours worth of work ahead of me. Boy, was I in for a shock...

This is an important and urgent security advisory from CB Team: Upgrade all your Community Builder 1.0 and 1.1 installations to CB 1.2.1 as soon as possible.

They received a private report yesterday from a  Joomlapolitan about a critical vulnerability of CB 1.1, that they could now reproduce and confirm.

I have written a post earlier about why you should keep your Joomla sites updated for safety reasons.

Phil Taylor published this Tweet today:

A lot of people getting old versions of #joomla 1.5 hacked today - been fixing sites all day for customers...
UPGRADE NOW to #Joomla (latest version)

I couldn't say it better myself. It's crucial that you upgrade to the latest version of Joomla.