2

Thought I would put this here as it's not really suitable for JSE but possibly for meta.

If any of you have an account on JoomlArt or know anyone that does, please have a read of the following article:

http://www.joomlart.com/blog/news-updates/emergency-we-are-hacked-and-database-compromised

Their systems have been hacked.

This is now the second popular Joomla extension/template provider I've been notified about that has been hacked recently. The first hacked website was JoomDonation.

So just a warning to all:

  • Make sure passwords for FTP, PhpMyAdmin/ cPanel and Joomla Admin account are all very secure and not the same.
  • Check your hosting packages and ensure they provide high level security on their server which includes a firewall.
  • Take daily database backups
5
  • Important information. What is the other template club that has been hacked?
    – johanpw
    Commented Dec 6, 2014 at 11:58
  • JoomDonation was the other one
    – Lodder
    Commented Dec 6, 2014 at 12:02
  • Thanks for the information. While I am not going to close such questions on meta, I must mention that this is not the best place. It does not fit the SE format and at its best it reaches a handful of people.
    – Valentin Despa
    Commented Dec 9, 2014 at 20:48
  • @ValentinDespa - The thought has crossed my mind about posting the question on here, but seeing as it was an emergency notification, I felt inclined to post it, just in case any of you had an account on either website or know anyone that does. Knowing the situation rather than having your websites hacked is by far the best option ;) Even though this may be off-topic, it's crucial we allow posts like this on meta.
    – Lodder
    Commented Dec 9, 2014 at 20:53
  • @Lodder Your concern is mostly appreciated.
    – Valentin Despa
    Commented Dec 9, 2014 at 20:55

1 Answer 1

Reset to default
1

I simply wanted to make emphasis on this excellent point:

Make sure passwords for FTP, PhpMyAdmin/ cPanel and Joomla Admin account are all very secure and not the same.

I've seen too many Joomla sites with admin/admin as login, (or users real name followed by 123 as password), even for the MySQL database. I'd highly recommend using LastPass or any other similar password manager to use unique passwords on any site requiring login.

At JoomDonation, the entire ticket system was stolen (not sure about JoomlArt), containing ftp and login details used for support for who knows how many websites. Using unique password will at least reduce the damage.

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .