On or around April 13th, 2013, the online world witnessed massive brute-force attacks on millions of servers all over the globe. Two specific targets were sites using the Joomla! and Wordpress content management systems. The widespread use of these two popular CMSs make them popular targets for hackers. An unprecedented number of websites were infected with all kinds of trash ranging from a simple "Hacked by So-and-So" to extremely dangerous malware injections that turned once-friendly, informative and innocent websites into spam centers or worse, into de-facto distributors of dangerous viruses.
Casual hackers look for open holes in website coding and exploit them to replace the entire website and all of its content with a simple HTML file with credit to themselves. Of course, they do not reveal themselves in person; rather it is an allusion to a handle such as "Mr Hack" or "Save the Whales". Mostly just nonsense that the hacker gets a good laugh with while having a few beers with friends. These types of hacks are normally easy to identify and correct by scanning the files that make the website work; the "brains" of the site, if you will.
Unfortunately there are hackers that go way beyond the antics of the casual joker. Teams of professional coders create a series of automated scripts and unleash their creation to crawl the web, searching for weak points in a site's armor. They crawl your site in a manner similar to GoogleBot, only instead of digesting content, they digest the source code of your website. If a reference to a vulnerable file, plugin or component on the site is detected they attack. Cracking administration passwords, exploiting naked upload and posting code, and taking control of mail functions are the most common points of entry.
The door left most wide open to hackers by the majority of sites is deprecated or sloppy coding. The php language dominates the online world. It is a language that is being frequently updated, both to improve performance as well as to close doors previously open to known security issues.
The vast majority of hacked websites use outdated or deprecated php coding.
Content management systems such as Drupal, Joomla! and WordPress are extremely popular and are used by millions of websites all over the world. However, just because the software is free and either yourself or a design studio set up a website doesn't mean that the story ends there. Websites must be maintained, kept up-to-date and monitored constantly to detect and act upon any security threats before the site is actually hacked.
Joomla! 1.5 has now been deprecated and unsupported for over a year. The best way to secure a Joomla! 1.5 site is to upgrade as soon as possible! At the very least the site should be running version 1.5.26. The Joomla 1.5 core has a vulnerable mailing component, and popular extensions identified with security problems include Akeeba Backup, VirtueMart, JCE Content Editor, K2 and some Phoca add-ons. JCE should be un-installed immediately. Slideshows and content rotators should be disabled. And all forms, comments, reviews, ratings and mailing functions should be turned off in VirtueMart and K2. I am not singling out the mentioned extensions. Basically the entire site is under threat just by being on Joomla 1.5. I only mention those extensions because they are installed on a large number of Joomla sites.
Disabling and/or un-installing risky functions and extensions will buy you some time while the necessary action is taken. As a preventative measure JHackGuard or Akeeba Admin Tools should be installed and activated. All admin logins should have both their usernames and passwords changed, preferably using a random password generator that includes at least eight alphanumeric characters and symbols. $4f[AKm^~jc7 is impossible to remember so jot down your new passwords in a safe place.
Once these safety precautions have been taken you should immediately upgrade to the latest stable version of Joomla! 2.5. One useful tool for achieving this is redComponent's jUpgrade. There is an informative DIY article written in the Joomla docs.
File Transfer Protocol (FTP) is a popular means of editing website files, uploading and downloading images and documents, and file sharing. However, it is extremely unsecure. Use your hosting company's secure control panel's file manager instead or secure FTP connections and refrain from using file manager extensions within Joomla administration.
Despite the heat WordPress and Joomla! have been taking following the recent spate of attacks, the CMSs themselves are not particularly at fault. Due their widespread popularity they tend to be more frequent targets. However, security issues are patched very quickly and only by running the latest version of all site software can you assure maximum security against hacks. When your computer has OS or software updates, you update. The same should hold for your website. Keep it updated, healthy, safe and clean. It will save you lots of time and frustration.