Identify a hack - How did the bad guy get in?

Download your Apache access log files to your local PC. It's not necessary to download the whole lot, just the records for the last X days, where X is the number of days since you know that your site was definitely not hacked. Use a “grep” program, like WinGrep, to search for potential hacking entry points.

What to search? Look for “insert”, “update” and “replace” as these signify a SQL injection attack. If it looks like a SQL command (possibly with comments like /**/ all over the place) it's most likely a SQL injection attack. Look for accesses to your administrator/index.php file which came from an IP other than yours, as these signify a brute force password cracking attempt or an unauthorized login to your site's back-end. Also look for access to PHP files except index*.php in your site's root and administrator directories.

If you run into something which looks like a SQL injection attack, take a look at the component's name (if it occurs in a URL with index.php in it). That's a potentially vulnerable component. Check if the component is listed in the Vulnerable Extension List and, if so, make sure you have a newer version than the affected one. All developers had a vulnerability at some point and released an update to “plug the holes”.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How to disable JSecure so you can login to your Administrator

Use phpMyAdmin and go to jos_modules and set the value in JSecure - published to 0. It will be 1...

How to hide the Joomla administrator

By default, Joomla backend login URL is www.yoursite.com/administrator. It’s easy to...

Help! My site has been hacked.

This is the best tool on the Internet for hacked Joomla sites.  http://myjoomla.com

How secure is your Joomla website?

Please review this article if you want a secure Joomla website.

Hacked Joomla site? How to fix and prevent from reoccurring

If your Joomla site has been hacked, then we recommend you follow the steps on this page to not...