Monday, January 6, 2014

How To Fix A Hacked Joomla Website

Do you know what a webmaster's biggest nightmare is? You're right. It's the hackers. Every now and then, website administrators have to deal with hackers. It's not possible to make your website 100% hack-proof. A small security hole anywhere in your website's code can give an experienced hacker access to the backend of your website. And if they manage to crack it, you may have a hard time figuring out what to do if you didn't have a backup. However, if you do have a backup, you can restore the site. But what's the guarantee that it won't be hacked again? How do you know exactly which security hole gave the hacker access to your server in the first place?

There is one tool that can do the job of finding out what the security hole is and what other weak points there are on your website. The tool is called Audit My Joomla. If you remember, we faced the same hacking experience a while ago at ThemeXperts. This was the tool that made our website's security stronger. But before we talk about how to audit your website with this tool, let's first look at some of the basic features it comes with.

Features

  • Audit My Joomla scans your entire website in just a few moments. You have to first sign up with them and you will be provided with a downloadable extension that you need to upload and install on your Joomla site. The tool then scans for all potentially harmful contents in your website.
  • During a hack, a hacker may leave a backdoor in any of your website's core files so that they can gain access later. Audit My Joomla will instantly scan and recognize suspicious changes in those files.
  • If you're using too many extensions and your site is very large, you might be wondering which files are untouched and which files are affected. With Audit My Joomla, you can easily revert the core files to their distributed state, making sure everything is at its default.
  • Like I already said, you will never know where the security holes are. Audit My Joomla can look them up for you, and you can make very technical changes in your Joomla quite easily with the tool.
  • You can also get suggestions for best practices by using this tool. For example, if you are using the root username to connect to the database, you're at risk. Audit My Joomla will suggest that you change that username to something more complex so that hackers can never guess what it is.

What to do after a Joomla site is hacked

The tool is for securing and fixing your Joomla website, NOT for backing up or restoring its content. Audit My Joomla offers two types of auditing. The easiest way is to let them do the job. But if you're a little familiar with the Joomla administration interface and how these things work, you can do the audit by yourself. You need to register with a username and add your website before you can audit it. Just so you know, the first audit is totally free of charge. From the second audit onwards, however, you will have to pay, and the service is worth it.
So, let's fix and secure your Joomla site for free!

Install and Activate

After you add your first website, you'll see a screen identical to the one below. You must click the Generate new connector button for the extension to be ready.
generating-ready.png
Within moments, the download button will show up and you can download and install the extension to your Joomla website the usual way.
download-install.png
As you can see, you can also use the button on Step 2 to go to the Joomla administration panel on your website directly.
upload-install.png
Once the plugin has been installed, you'll see a message saying that there isn't anything more you can do from your Joomla administration. You need to go to the first tab and continue with the following.
The buttons to test endpoint are self-explanatory. Click accordingly.
test-endpoint.png
If connection was established, you will see the word “endpoint” upon clicking the button. Remember to click the right button. If you are using Joomla 1.5.x, use the 1st button. If Joomla 2.5+ is running on your site, use the second button.
Now, click the Connection Test button to make sure that the connection has been established. If connection is established, you'll briefly see the success message.
connection-success.png
You will then be redirected to the start audit page. You will have to confirm that you want to start auditing now. The page here will look identical to the one below:
start-new-audit.png
As soon as you click the start button, Audit My Joomla will start its magic. You will see a live screen of what the plugin is doing on the next screen. Be patient, though; this may take a while if you have a very large website.
audit-progress.png
As the audit finishes, you'll see a screen with all the details of the audit results. From there, you can see what problems the plugin found on your website. If it has found any problem, there will be a blue button that reads “next steps” next to the configuration name.
joomla-audit-next-step-1.png
audit-result-analysis.png
If you click the next steps button, you'll see all the details of what the problem was and what the tool recommends to fix the issue.

If you scroll through the audit results, you might be a little bit overwhelmed. The tool's developer writes,
Remember, the object is NOT just to get green OK for each item, the aim is to understand more about your site and its integrity at this moment in time. In fact it's impossible to resolve all items in this list as some checks have knock on effects to others.

If you've got enough time or a dedicated developer, you can have them check the entire result and take action to better protect your website from hacking attempts. If you'd rather leave it to the tool's developer, you can always pay and have them do it for you. Fees for the service can be found here: https://manage.myjoomla.com/faq/fees
As you might have already realized, the service is really amazing. The tool takes a deeper-than-any-human-can-do look into your Joomla's core files and comes up with an incredibly detailed result and possible fixes within minutes. This is some serious stuff that every serious web developer and administrator should have on their Joomla website.
Just as a reminder, the first audit is free. But you cannot audit your website again without paying the charges.

Your Turn

What security measures have you taken to protect your Joomla-powered website? How do you find out, after your site has been hacked, where the problem or security hole lies? Let us know if you have come across any other tool that does a better job than Audit My Joomla!

http://www.themexpert.com/blog/how-to-fix-a-hacked-joomla-website

https://manage.myjoomla.com/

Thursday, January 2, 2014

Joomla - Upgrade 1.7 to 2.5 to 3.0

Upgrade

http://docs.joomla.org/J2.5:Upgrading_from_an_existing_version
 
If you are updating to an x.x.0 release (for example, from 1.7.3 to 2.5.0), this will normally be a file like Joomla_2.5.0-Stable-Update_Package.zip. If you are updating within the same release series (for example, 2.5.0 to 2.5.1), then the file will be named something like Joomla_2.5.0_to_2.5.1-Stable-Patch_Package.zip. 
http://joomlacode.org/gf/project/joomla/frs/?action=FrsReleaseBrowse&frs_package_id=6257

At this point, you have three options:
  1. Install from URL
  2. Install from Directory
  3. Upload Package File

Database Errors When Upgrading to 2.5.0

http://docs.joomla.org/Database_Errors_When_Upgrading_to_2.5.0
When upgrading from an earlier, compatible version to 2.5.0, you may experience a database error such as the following:
JInstaller: :Install: Error SQL DB function failed with error number 1060 Duplicate column name 'ordering' SQL=ALTER TABLE `j17_languages` ADD COLUMN `ordering` int(11) NOT NULL default 0 AFTER `published`; SQL = ALTER TABLE `#__languages` ADD COLUMN `ordering` int(11) NOT NULL default 0 AFTER `published`; Files Update: SQL error file DB function failed with error number 1060 Duplicate column name 'ordering' SQL=ALTER TABLE `j17_languages` ADD COLUMN `ordering` int(11) NOT NULL default 0 AFTER `published`; SQL = ALTER TABLE `#__languages` ADD COLUMN `ordering` int(11) NOT NULL default 0 AFTER `published`;"
To fix this issue, go to Extension Manager -> Database, then click the Fix button. This will attempt to fix any database issues caused by changes in the database structure that occurred between versions.

Should I update from Joomla! 2.5 to 3.x?

http://docs.joomla.org/Joomla_3_FAQ
In most cases, probably not. Joomla 2.5 will continue to be supported until December 31st of 2014 and you can update directly to Joomla 3 once it’s tried-and-tested thoroughly by other users. You can even wait until Joomla 3.5, with release scheduled for Spring 2014, and still get a direct upgrade. The only reason you should update is if you need Joomla 3’s features or want to be on the leading edge.