Joomla 1.5 files security problems

Question

I'm hosting with 1and1 UK a Joomla 1.5.26 website. This week we've been getting hacked and I do not know how to tackle the problem.

1and1 are COMPLETELY USELESS, answering a question like this "How did index.php change from 644 to 200 permissions" with this answer "to change the file permissions, follow these steps"..

Anyways, the questions I'm looking to have answered is:

What is the correct file/folder permissions setting? Is it: Folders 755 and Files 644?

Is there a component or another way in which to "search all files and folders and RESET the correct permissions"?

Is there a component or another way in which I can install additional security for both the files/folders, but also the database, to prevent these kinds of attacks?

Many thanks for your time

Answer 1

I suggest to use this plugin http://www.corephp.com/joomla-products/jomdefender.html#.UICsh1TDgb8

Good against bots, file integrity checks, all you mentioned.

Because you have outdated version of joomla, there is hardly to be another solution.

Answer 2

I answered a question similar to this, regarding hacking a hile back. I think it may come in handy for you. Please see the link below. It gives you a load of things you should take into consideration along with security extension recommendations.

Joomla! 2.5.4 Hacked: Having trouble with diagnosis

Folders should always be 755 and files should always be 644. Don't make either of them 777 for any reason and it poses a security threat.

I dedicated server most likely won't be the solution. It won't prevent hackers and is rather expensive if dont correctly.

Hope this helps.

Answer 3

I understand that your website is hacked, but you need to be a bit more explicit what exactly is happening.

Anyway, as a general direction:

• Protect your administrator directory with a .htaccess login file
• Update components to the latest version, check if there are any security problems with some of your components in the version you have installed.