Joomla is one of the most popular free content management systems in the world – but it has its drawbacks as a lot of people with Joomla sites are finding out right now in the cruellest way.
Thousands of owners of Joomla websites are waking up each day to find that their site has been taken down by their hosting companies, or replaced with what’s called a bragging message.
[caption id="attachment_1035" align="alignright" width="450"]
This charming fella is what hackers are placing over the homepage on vulnerable Joomla 1.5 sites. If you’re really unlucky you get music, too.[/caption]
Typically it’s this:
Hackeado por HighTech Brazil HackTeam
NoOne – CrazyDuck – Otrasher – L34NDR0
But if you’re really unlucky you get the nasty character in the picture and some hard rock tunes, or the clown who appears further down the page.
Here’s a report on the start of the hacking attack in early January, although it’s still going strong now.
So why are Joomla sites getting hacked?
The main reason why hackers are attacking Joomla sites is because they can. Where there is a vulnerability they will exploit it.
The current hacks seem to be coming from one group claiming an affiliation with Lulzec, who usually attack big business websites.
But practically anyone can hack a Joomla site: There are plenty of videos giving full instructions on YouTube.
The attacks are mainly confined to sites in the early versions of Joomla – 1.0 and 1.5 and later versions – 2.5 and 3.0 – appear unaffected. Two experimental versions, Joomla 1.6 and 1.7, are also vulnerable.
Joomla is created by a community of developers who work together to create this system, but from the end of last year that community stopped supporting the early versions and urged site owners to upgrade.
The problem is it’s hard to upgrade. Wordpress can (usually) be upgraded with a click of a button and the same is true of later versions of Joomla – but not the early versions. It involves a migration, which can be a long and involved (and geeky) process.
Essentially it means building the site all over again.
[caption id="attachment_1036" align="alignright" width="450"]
Another example of a hacked Joomla site.[/caption]
And to make things worse, many web companies have been knocking out cheap Joomla websites for years with no provision for upgrading when the software is no longer supported.
Not just that, we know of several companies who were still building sites in Joomla 1.5 last year, when they should have been aware that support for the software would soon end.
These factors mean many site owners are sticking with their old versions of Joomla – and these are the ones who are getting hacked.
How is it happening?
At present the hackers are seeming to target one particular Joomla add on (or extension) called JCE editor, which is present in most Joomla installs as standard. The security hole was sealed last year but the problem is that early versions of Joomla do not warn you about out of date extensions.
So if you have Joomla 1.0 or 1.5 and JCE installed, check you have the latest version. You can download the latest version of JCE Editor here.
Ashamed to say it, but we were caught out by this when one of our Joomla 1.5 websites was hacked in this way a few weeks ago. It took a whole day to clean the site up and get it live again, then close the security hole.
[caption id="attachment_1037" align="alignright" width="200"]
Thankfully it was not a customer site and we closed the same hole in all our other Joomla 1.5 sites and began migrating them so it does not happen to us again.
By the end of March we will not have any sites left in Joomla 1.5.
Why? Because this is likely to be the tip of the iceberg and more hacking attacks will come as more security holes are discovered.
The Joomla community no longer supports early versions so nothing will be done to stop the security holes. It’s called End of Life for a reason.
Joomla 1.0 or 1.5 site? Start planning now
So if you have a Joomla 1.0 or 1.5 site, our advice is you need to start planning either migrating it to a later version or into another content management system, such as WordPress.
It’s not the end of the world and early versions of Joomla may stay stable for years, but why take the risk?
Our hosting company, Heart Internet, is advising all owners of Joomla 1.x sites to upgrade as soon as possible and they aren’t the only ones.
Knowledge Republic has been documenting the stream of hackings for some time: Case Study on: www.pa.gov.sg being hacked by HighTech Brazil HackTeam. This also covers vulnerable Wordpress installs, which we’ve talked about before.
There’s also an interesting article from a Canadian IT Company suggesting Joomla 1.5 is already not secure. This article from an Australian hosting company explains Joomla 1.5 and end of life.
For an alternative, and slightly less ‘The end is nigh’ view of things, this article from OsTraining weighs up the pro’s and cons of running outdated software.
How can I tell if my website is vulnerable to hacking?
This is relatively simple.
- Go to your website
- On a PC, right click on an area of blank space
- Select ‘View Source’ or ‘View Page Source’, depending on your browser.
You will see a stream of text but very close to the top you will see the Meta information. In Joomla 1.5 sites it usually says this:
<meta name=”generator” content=”Joomla! 1.5 – Open Source Content Management” />
If this is present you have a vulnerable site. Contact us if you want us to identify whether your site is vulnerable.
Got a Joomla site? We can help
If you’re one of those affected by this then we can help you weigh up what to do and plan for the future.
Contact us for a no obligation talk through the options. Whatever you decide to do, do something.
If you have a later Joomla site – version 2.5 or 3.0 there’s no need to do anything as both are actively supported and will continue to be until at least 2014. They are also far easier to upgrade.