Menu

Build a Joomla Website Forum

Free Joomla support for all and priority support for members.
  1. John Harper
  2. General
  3. Monday, September 05 2016, 08:58 AM
  4.  Subscribe via email
My website, Sense & Nonsense, was taken offline by my hosting service (iPower) in late May, 2016. Here is the message they sent me:
We detected suspicious contents that suggests your 'johnharper' account has been compromised. We have temporarily suspended your website to protect your website visitors from getting impacted and also preventing the impact on your website reputation as well as our server’s reputation.

We have uploaded a file ‘websitescan.txt' within the stats directory of your account which contains the full list of infected files. We need you to take one of two actions suggested below:

We encourage you to contact our preferred partner, SiteLock. In addition to long-term solutions like their Fix and Prevent products, which offer daily scans and removal of malware, SiteLock also provides an emergency service, SiteLock 911. You can call our dedicated SiteLock support representatives using the Toll Free number (United States and Canada customers only) : (855) 378 6200. International: (415) 390-2500. To learn more about SiteLock, please go to: https://www.ipower.com/product/sitelock .


I was very busy with other problems, so I did what they suggested - retain SiteLock to clean and do regular security sweeps at jcharper.net. It costs $30/month which is a huge increase in the cost of this non-commercial vanity website. The suspension was lifted and the website is back online.

Now that I have some time, I would like to know how to avoid security compromise on the remote server over which I have absolutely no control. Did I do something wrong or is this just the nature of today's internet?
Accepted Answer
Richard Pearce Accepted Answer
Moderator
0
Votes
Undo
It is the nature of the Internet that websites are vulnerable to hacking. Although using a service to recover yourself once this occurs, there should be no need to use this on an ongoing basis.

Software is a complicated game and exploits are discovered all the time. Joomla is no different, but certainly better than many other options. It is essential that you keep the core of Joomla updated. When an update is available, especially a security update, you should plan to update within a few days. These days this is a simple process. Joomla extensions also need to be kept current and this can be trickier. You can;t trust the update within Joomla as not all extension developers use it. So you should subscribe to those extension developers newsletters to be alerted of any updates.

Taking these simple steps will almost eliminate future problems. Some other things that will help include choosing good password, using an anti-virus program on your local computer using a good web host.

This is also a good time to remind you to ensure your backups are in place and that you know how to restore if necessary.
Comment
There are no comments made yet.
  1. more than a month ago
  2. General
  3. # Permalink


There are no replies made for this post yet.
However, you are not allowed to reply to this post.

Free Joomla TutorialLearn Joomla for free with our 16 lesson, 2 hour course.

Get Started