Prolateral Consulting Ltd
Prolateral Consulting Ltd

joomla-hacked-sejeal-hmei7Has your Joomla!-Powered Website been hacked and if so, how can you tell? A lot of clients have come to us recently only having found out that their website had been hacked when potential customers did a Google search. They found notices about their website saying 'This site may be compromised' or 'This website may harm your computer'.  Or you may have received emails from Google AdWords saying your Ad Campaigns have been suspended or site-suspended due to Malware.

Your business doesn’t want visitors to feel at risk when browsing your website as this could impact your company’s reputation. These messages are displayed by Google when they feel a website may have been comprised, either by the placement of spam links or the placement of malware that could harm users computers. Google display these message to protect their users.

There are two ways that you can make your website secure and they are 1) Clean your website/server yourself or 2) Hire a Joomla Security Expert to do it for you.

Just recently we (Prolateral) have seen an increase in Joomla! site hacks displaying the message “hacked by sejeal” or “hacked by Hmei7”.  Both of these hacks are due to a vulnerability in the JCE editor, which I’m pleased to say has been resolved in the latest version.  It’s worth pointing out that although we have seen an increase in the number of hacks on sites that Joomla! is still a fantastic CMS (Content Management System) and in fact the main reason these sites have been compromised is that its success makes it a good target and also down to the lack of automated patch management in older versions of Joomla!.

So you’re left wondering if you have been affected by this hack? Well the sure tell-tale sign is to look in your /images folder. If there are PHP files in there then it’s very likely you have suffered from a security vulnerability in JCE.  Of course if you haven’t got JCE Editor installed then this hack is unlikely.
Recovering from the hack can be a little tricky and our advice is talk to a Joomla! professional (we can help you), however if you really want to have a go at it yourself then the list below will act as a guide.

  • Ensure you have a good backup, hopefully before the hack took place. Akeeba Backup is a really useful tool for this.
  • Check for any files that have been added or modified recently and if necessary clean the files up.
  • Ensure you are running the latest version of Joomla!, if not then you should patch upgrade
  • Upgrade to the latest version of JCE Editor
  • Install Admin Tools by the same people that do Akeeba and check the file system security and access rights
  • With Admin Tools also purge the sessions and clean the temp directory
  • Also worth considering is changing the super administrator ID which by default is always the first account created therefore easy to predict the ID number in the users table of the database.  This can be changed also by using the Admin Tools component.

As further protection to your Joomla site you should consider installing firewall components such as RS Firewall which has some cool security features such as enabling a lock-down preventing installing/uninstalling of components, modules or plugins.  The ability to restrict access to your Joomla! site based on GeoIP location.  To prevent someone brute forcing the password there is also a Captcha process that kicks in after a specified number of failed attempts and then even the ability to blacklist the IP Address if it continues, of course it is highly recommended that you whitelist your own IP Addresses first before you accidentally lock yourself out of your own site.

Prolateral are experts in CMS (Joomla) sites and consultancy.  If you have been hacked or you just want to talk to us about securing your Joomla! Site then please drop us a line, we would love to hear from you.

About Prolateral

Prolateral Consulting is in business to put your organisation back in control of your own Information Technology, specialising in information and messaging security, computer forensic services, and disaster recovery planning.

Contact Info

Prolateral Consulting Ltd
Luton, Bedfordshire, UK
Tel : +44 (0) 8450 763760
Email : This email address is being protected from spambots. You need JavaScript enabled to view it.

Instant Information request

Please complete the request for information if you wish to discuss matters further or if your needs are more urgent then you can request a call back from us.