Old 11th February 2008, 03:08
breakaway breakaway is offline
Junior Member
Join Date: Jun 2007
Posts: 21
Thanks: 2
Thanked 2 Times in 1 Post
Exclamation Securing


We've been hacked on two separate occasions. I suspect that the first time they got in through Joomla. And I know for sure that they got in through Joomla the second time.

What can we do to secure this installation so these script kiddies can't get in and deface my sites?

I've heard one solution is to block all OUTGOING on PORT 80 using iptables. However this presents me with a problem: The joomla sites have RSS feeds, and RSS won't work if OUTGOING PORT 80 is blocked. Is there a way around this?

ANY Help and tips on security highly appreciated
Reply With Quote
Sponsored Links
Old 11th February 2008, 09:12
madmucho madmucho is offline
Senior Member
Join Date: Oct 2006
Location: Czech republic, Karlovy Vary
Posts: 158
Thanks: 81
Thanked 11 Times in 11 Posts
Send a message via ICQ to madmucho

I dont thing if this help but try have your joomla installation updated. If you block port 80 you block all nonsecure http requests.. i dont thing that is your security solution.
Reply With Quote
Old 11th February 2008, 09:23
till till is offline
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 37,015
Thanks: 840
Thanked 5,652 Times in 4,461 Posts

1) Keep your joomla installations up to date and have a look regularily on the jommla security announcements.

2) Mod security might help against some attacks:


3) Secure your php installation. For example you can use suphp + php as cgi were you set the openbasedir to the root directory of the website. Additionally, you can create a custom php.ini for every website with this kind of setup and deactivate all php functions that are not absolutely nescessary for joomla e.g. functions like exec, system etc.
Till Brehm
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Securing an ISPConfig website llamy General 8 31st July 2007 06:46
Securing phpmyadmin and phppgadmin tijn_tux Installation/Configuration 4 2nd January 2007 22:51
Securing Your Server With A Host-based Intrusion Detection System radox HOWTO-Related Questions 7 15th October 2006 15:33
Securing Your Server With A Host-based Intrusion Detection System - OSSEC HIDS bruma HOWTO-Related Questions 1 29th September 2006 15:29
Securing Your Server With A Host-based Intrusion Detection System PortMan HOWTO-Related Questions 3 22nd September 2006 14:28

All times are GMT +2. The time now is 13:37.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.