Dongoll

Hello again! Anyone who has been watching this site will see that it is different from before the beginning of March 2016. That's because the old site was hacked around this time, so I threw it all away and started again - this time with some modifications. After all, the whole reason for this site is to experiment and see what works and what does not.

What did not work was the plugin by Asikart called RemoteImage, which I used for uploading pictures and files. It had been de-listed by the Joomla Extensions Directory, so as part of the clean-up of the old site I decided to remove it. When I did this, it broke the Joomla back end completely. So that was when I decided to start over.

I have been reading what the internet has to say about hacking Joomla. The consensus is that it is not difficult on sites which do not follow best practice with regard to choice of plugins and keeping everything updated with the latest version. And WordPress is the same. And you can understand why - the whole of the source code is published, so it can be studied in great detail, which allows hackers to create attacks which are targeted at specific weak points.

There are many suggestions. Some - such as setting all the file permissions to 444 - are impractical. Others, such as making sure plugins are safe, are more useful. It seems likely that plugins which allow file uploads are a weak point. The one I was using allowed the upload of .sql files. And whilst it did not allow for the upload of .php files explicitly, it allowed the upload of a .php file which had been renamed to .jpg. Then, after the upload, you could rename it back to .php.
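
The checks an upload handler would need to close the gaps described above, as an added example that is not code from this site or from the RemoteImage plugin. It is written in Python to show the logic (a Joomla extension would do the same in PHP); the allowlist, function names and sample bytes are assumptions constructed for illustration.

```python
import os

# Assumed policy: image extensions only, each tied to its file signature.
ALLOWED = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
PHP_TAG = b"<?php"  # matched case-insensitively below

# Constructed sample inputs (not taken from the hacked site).
JPEG_SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32
PHP_SAMPLE = b"<?php echo 'hello'; ?>"
SQL_SAMPLE = b"CREATE TABLE t (id INT);"


def extension(name):
    """Final extension of the base name, lower-cased ('' if none)."""
    return os.path.splitext(os.path.basename(name))[1].lower()


def check_upload(name, data):
    """Return the reasons to reject an upload; an empty list means accept."""
    ext = extension(name)
    if ext not in ALLOWED:
        return [f"extension {ext or '(none)'} is not allowlisted"]
    reasons = []
    if not data.startswith(ALLOWED[ext]):
        reasons.append(f"content does not start with a {ext} signature")
    if PHP_TAG in data.lower():
        reasons.append("content contains a PHP open tag")
    return reasons


def check_rename(old_name, new_name):
    """A rename must pass the same extension allowlist as an upload."""
    ext = extension(new_name)
    if ext not in ALLOWED:
        return [f"rename {old_name} -> {new_name}: {ext or '(none)'} is not allowlisted"]
    return []


if __name__ == "__main__":
    print(check_upload("photo.jpg", JPEG_SAMPLE))      # accepted
    print(check_upload("holiday.jpg", PHP_SAMPLE))     # .php renamed to .jpg
    print(check_upload("dump.sql", SQL_SAMPLE))        # .sql upload
    print(check_rename("holiday.jpg", "holiday.php"))  # rename back to .php
```

The rename check matters as much as the upload check: validating content at upload time is of little use if the file manager will later change the extension to one the web server executes.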

So let us see how long this version lasts!
