Joomla! and Wordpress Under Scrutiny Following April's Brute-force Attack


On or around April 13th, 2013, the online world witnessed massive brute-force attacks on millions of servers all over the globe. Two specific targets were sites using the Joomla! and Wordpress content management systems. The widespread use of these two popular CMSs makes them popular targets for hackers. An unprecedented number of websites were infected with all kinds of trash ranging from a simple "Hacked by So-and-So" to extremely dangerous malware injections that turned once-friendly, informative and innocent websites into spam centers or worse, into de-facto distributors of dangerous viruses.

Why websites get hacked

Casual hackers look for open holes in website coding and exploit them to replace the entire website and all of its content with a simple HTML file crediting themselves. Of course, they do not reveal themselves in person; rather, the credit is an allusion to a handle such as "Mr Hack" or "Save the Whales". Mostly it is just nonsense that the hacker gets a good laugh out of while having a few beers with friends. These types of hacks are normally easy to identify and correct by scanning the files that make the website work; the "brains" of the site, if you will.

Unfortunately, there are hackers who go way beyond the antics of the casual joker. Teams of professional coders create a series of automated scripts and unleash their creation to crawl the web, searching for weak points in a site's armor. They crawl your site in a manner similar to GoogleBot, only instead of digesting content, they digest the source code of your website. If a reference to a vulnerable file, plugin or component on the site is detected, they attack. Cracking administration passwords, exploiting unprotected upload and posting code, and taking control of mail functions are the most common points of entry.

The door left widest open to hackers by the majority of sites is deprecated or sloppy coding. The PHP language dominates the online world. It is a language that is updated frequently, both to improve performance and to close doors previously open to known security issues.

The vast majority of hacked websites use outdated or deprecated PHP code.

Other culprits can be found in JavaScript and especially in outdated Flash players. The number of webmasters who use login credentials such as "admin" with a four-letter password matching the login name is truly astounding. Websites with weak usernames and passwords are easily cracked by the spambots and, once inside, all kinds of nasty stuff is installed and injected into the hosting account and the website files. Some hacks install money-making backlinks to casinos and pornography sites, while others infect the site with identity-stealing code that grabs visitors' browser cookies looking for bank account login credentials, credit card numbers and other personal information.

Content management systems such as Drupal, Joomla! and WordPress are extremely popular and are used by millions of websites all over the world. However, just because the software is free and you or a design studio set up a website doesn't mean that the story ends there. Websites must be maintained, kept up-to-date and monitored constantly to detect and act upon any security threats before the site is actually hacked.

Securing a Joomla! 1.5 Site

Joomla! 1.5 has now been deprecated and unsupported for over a year. The best way to secure a Joomla! 1.5 site is to upgrade as soon as possible! At the very least the site should be running version 1.5.26. The Joomla 1.5 core has a vulnerable mailing component, and popular extensions identified with security problems include Akeeba Backup, VirtueMart, JCE Content Editor, K2 and some Phoca add-ons. JCE should be un-installed immediately. Slideshows and content rotators should be disabled. And all forms, comments, reviews, ratings and mailing functions should be turned off in VirtueMart and K2. I am not singling out the mentioned extensions. Basically the entire site is under threat just by being on Joomla 1.5. I only mention those extensions because they are installed on a large number of Joomla sites.

Disabling and/or un-installing risky functions and extensions will buy you some time while the necessary action is taken. As a preventative measure JHackGuard or Akeeba Admin Tools should be installed and activated. All admin logins should have both their usernames and passwords changed, preferably using a random password generator that includes at least eight alphanumeric characters and symbols. $4f[AKm^~jc7 is impossible to remember so jot down your new passwords in a safe place.

Once these safety precautions have been taken you should immediately upgrade to the latest stable version of Joomla! 2.5. One useful tool for achieving this is redComponent's jUpgrade. There is an informative DIY article written in the Joomla docs.

FTP is Dangerous

File Transfer Protocol (FTP) is a popular means of editing website files, uploading and downloading images and documents, and file sharing. However, it is extremely insecure, since it sends credentials and file contents unencrypted. Use your hosting company's secure control panel file manager or a secure FTP connection such as SFTP instead, and refrain from using file manager extensions within the Joomla! administration.

Content Management Systems are Secure

Despite the heat WordPress and Joomla! have been taking following the recent spate of attacks, the CMSs themselves are not particularly at fault. Due to their widespread popularity they tend to be more frequent targets. However, security issues are patched very quickly, and only by running the latest version of all site software can you assure maximum security against hacks. When your computer has OS or software updates, you update. The same should hold for your website. Keep it updated, healthy, safe and clean. It will save you lots of time and frustration.

Steve is the founder of Puelo Consulting and a specialist in designing and optimizing Joomla! websites.

Born and raised in the United States, he holds a M.S. in Civil Engineering. After working on some important construction projects overseas he moved his investments to and settled in Argentina and opened a restaurant. Following six years in the food industry he began his online career.

He is a specialist in design and custom development of Joomla! sites, on-page SEO, speed optimization and financial consulting.

Steve currently resides in Argentina with his family.