CODEWITHSUNDEEP
javascriptjoomlasql-injection
David michael
David michael

Reputation: 155

Javascript was injected into my Joomla website?

Today I found foreign JavaScript on my homepage along with a backlink to a website I don't recognize (although the backlink is not visible when viewing my homepage, they have positioned it somehow so that it is hidden but search engines still find it).

I was wondering how my Joomla website managed to become compromised? Is there any possibility you can think of? How can I protect my website from this attack in the future?

Upvotes: 3

Views: 1568

Answers (4)

vusan
vusan

Reputation: 5331

Installed joomla extension (plugins, module, component and template) may also contain file which will be very unsafe and may perform dangerous file activity like updating, renaming, deleting and creating the file on your site.

So my suggestion is read the joomla forum and manage the permission of your file according to that.

Upvotes: 0

Dzumla
Dzumla

Reputation: 160

I don't know HOW, but if you wanna eliminate it is probably it is in the index.php file, check there.

website root/templates/yourtemplate/index.php

Upvotes: 0

Jobin
Jobin

Reputation: 8282

First of all which version of joomla are you using.?

There is some possibilities to hack the Joomla Version of 1.5.23 or some similar version hacked and some bad script attached in all js files or may be some rewrite url condition in your .htaccess file. the best option to prevent the problem is Update your Joomla Version and change your admin and FTP Password.

Upvotes: 1

James
James

Reputation: 13501

There could be a number of reasons, a few things to check:

  • Are you on a shared server? Is it secure?
  • Has someone compromised your password?
  • Is your version of Joomla up to date?
  • Are you running any other PHP apps on your web server? Are they secure?

Just because Joomla appears to have been affected doesn't mean that it was necessarily the entry point for the compromise - check everything. Make sure you keep your software up to date. Disable anything you don't require to run your website. Use .htaccess to protect files and folders. Make sure your own computer is as secure as possible and patched and up to date. Make sure you are using the latest version of PHP.

Good luck.

Upvotes: 0

Related Questions