Probelm being a reseller.

[dst]

Since I have joined hostnine I have found that my joomla sites get hacked. I doubt there is a connection with the server per se but when I ask hostnine to restore the site using the backup - this never happens - ever.

Can anyone suggest a solution other than 1) leave hostnine or joomla?

[dst]

I have been told the backups dont work unless I catch the hack and get in touch with Hostnine in less than 24 hours.

I cannot control what sites I backup, how and when so I have my own copies from a central location using reseller central, are their alternative interfaces of software that will let me do this?

thanks

[zanass]

Quote:

Originally Posted by dst

Since I have joined hostnine I have found that my joomla sites get hacked. I doubt there is a connection with the server per se but when I ask hostnine to restore the site using the backup - this never happens - ever.

Can anyone suggest a solution other than 1) leave hostnine or joomla?

If your Joomla sites are getting hacked why use them, I don't blame H9, when sites like that get hacked it blacklists the server because they send out spam. Know what your clients have hosted, tell them you have a ZERO tolerance policy, if their sites get hacked, they are gone.

Just my 2 cents
Greg V

[H9Alex]

As stated in the ticket.


Keep all scripts up to date. And passwords good and secure.


This only happens when these things are not done. Plenty of users use these scripts and keep them up to date with out any issues.

[H9NickH]

Hello,

You should also realize that your security concerns are with Joomla, not us. They are the ones that continually release software with security flaws present in it. You may wish to consider a new software that takes a better approach in testing their software for security holes before releasing it.

[olivetreestudio]

I've been running several Joomla sites without being compromised for a couple of years now.

What you need to do is go through the security checklist.

Joomla, like all CMS's patch their software to cover up exploits.

I'm sorry to see HostNine people slamming Joomla, since every software has this issue. Plus the exploints they cover are usually things that cannot allow someone access to FTP/Administration features. It usually has to do with host configuration (which they cannot control). It also isn't fair to expect a host to change its configuration as they attempt to host a wide variety of sites.

Anyways, here is that list:

Security Checklist 7 - Joomla! Documentation

[PascM]

Well...in joomla 1.5.15 i don't know any site been hacked and to blame joomla.
Some times it's our fault since they hack the site with the ftp pass, which they probably have stolen from us.

I am hosting Joomla sites on H9 servers and so far i didn't have any problems.

[olivetreestudio]

You really need to go through the Security Checklist. I was hacked 1 time, now I go through this list every time, and so far, my sites have been untouched (on 2 different hosts, including H9)

Category:Security Checklist - Joomla! Documentation

[badjerzeeboy]

Quote:

Originally Posted by zanass

If your Joomla sites are getting hacked why use them, I don't blame H9, when sites like that get hacked it blacklists the server because they send out spam. Know what your clients have hosted, tell them you have a ZERO tolerance policy, if their sites get hacked, they are gone.

Just my 2 cents
Greg V

Change the default database prefix (jos_)

Most SQL injections that are written to hack a Joomla! website, try to retrieve data from the jos_users table. This way, they can retrieve the username and password from the super administrator of the website. Changing the default prefix into something random, will prevent (most / all) SQL injections.

You can set the database prefix when installing your Joomla! website.


Use the correct CHMOD for each folder and file

Setting files or folders to a CHMOD of 777 or 707 is only necessary when a script needs to write to that file or directory. All other files should have the following configuration:(I think h9 have something install on they server so you can use 755 without any problem not sure about this)

* PHP files: 644
* Config files: 666
* Other folders: 755

Delete leftover files

When you installed an extension that you didn't like, don't set the extension to unbublished. If you do, the vulnerable files will still be on your website. So simply use the un-install function to totally get rid of the extension.