Joomla Admin Security- How to Find Out if Your Account is Hacked?

Joomla has grown to become one of the most reputed content management platform to upload web content. Moreover, as a result it has become a common ground for hackers to target businesses and establishments based on Joomla. If you feel you are operating a hacked Joomla account or your Joomla admin security is compromised, then there are clues and hints to identify it. Knowing these clues can potentially save you from operating a hacked Joomla account and causing more damage. These are some of the ways you can be sure that there is a breach in the security:

  • If you are not able to log in to you website, it may be a sign of a successful attack on the account. Confirming all the possibilities is probably a good idea.
  • If all data from the account is erased or corrupted, it is mostly a sign that a hacker dumped the files and tried to erase the websites or any errors in the database. Thus scanning the website will confirm the cause of the problem
  • If there are errors in the database when you log in, or weird behavior such as when you visit your site and then it redirects you to a different website
  • Strange and unknown content on the website including new and unfamiliar JavaScript code on your website
  • If one of the following files were modified without any knowledge of yours then probably your Joomla admin account was hacked: index.php, .htacess file or any files related to templates.

Methods to Identify the Cause of a Hacked Joomla Websites:

  • Blacklisted by Google:

    • The first step is to verify if the website has been backlisted by Google, McAfee or Bing, and any other search engine. To verify and find out the status of the website, you can use their transparency report tool. Fire up the Safe Browsing Site Status age and enter the website URL. You can see the Site safety details regarding the malicious redirects, downloads and spams. You can also see the testing details which includes recent scans that found malware.
      The opening page of transparency report in Google
      Screenshot of google transparency report
  • Look for Altered Code by Hackers & Malware:

    • If any system files have been altered those can viewed by comparing the changed files with the original files that are available in GitHub. The fastest way is to use the diff command in the terminal.
    • Steps to check the files using the SSH command. Here we will be using the version 3.6.4 available and the installation files that are supposedly altered.

$ mkdir joomla-3.6.4

$ cd joomla-3.6.4

$wget https://github.com/joomla/joomla-cms/releases/download/3.6.4/Joomla_3.6.4-Stable-Full_Package.tar.gz

$ tar -zxvf Joomla_3.6.4-Stable-Full_Package.tar.gz

$ diff -r joomla-3.6.4 ./public_html

The diff command will compare all the clean files with the files on the system.

  • Auditing Joomla’s Admin Users

    • By auditing Joomla admins and super admins, you can find out if any unauthorized users are accessing your account:
    • To find unauthorized user in  Joomla:
    • Log in to the administrator panel
    • Go to the ‘users’ section and select the option ‘manage’
    • View the list with the latest registration dates
    • Here you can see all the registered users & remove all the users the hackers created
    • Verify the users who have been logging in at suspicious times and locations
      Screenshot showing the users and their privileges
      Screenshot of admin panel in Joomla

Consequences of Known Admin Path:

The admin path is essential in Joomla since that is the control center of the account. Moreover, if any hacker is able to hijack the admin panel, the hacker will be able to access all data and control.  Ensuring Joomla admin security is essential and it is the top way hackers gain control. Thus, this is the reason for hiding the admin path from all the users.

By using the admin path, hackers can easily launch a CMS attack and create fake users. Moreover, using those fake users the attackers can have control over the account. The CMS attack can be done using Metasploit, which is a very common software to mount such attacks. Knowing the path to the admin account will enable the hackers to launch brute force attacks against the password. Moreover, a powerful enough computer can easily crack the password.

A CMS attack in progress
Screenshot of an attack

It might not look too serious at the first glance, but it is one of the ways for the hackers to get control of your account and access your websites. Thus, ensuring Joomla admin security is necessary since it is the first line of defense for your Joomla account.

How to Hide and Protect Your Joomla Admin Panel?

To prevent any attacks through the admin panel, hiding the admin panel is one of the proposed way to strengthen Joomla security. Mentioned below are the various methods which achieves this:

  • Using Third Party Plugins

    • JSecure is a plugin that works well. To add this plugin, click on the Extensions, then go to ‘manage’ and then install
      Screenshot of installing the plugin in Joomla
      Screenshot of plugin
    • After installing the plugin from the web, you can configure the plugin and you are ready to go
  • Double Protect Admin Using htpassword

    • Joomla saves the passwords securely in an encrypted form. However, the id and the password passes from the client to the server on a network in plain text form. This enables any hacker with adequate sniffing tools to capture the password and id. This calls for additional security and the use of .htpassword to protect the admin files and directories with a password. This password is sent over a SSL connection so encryption protects the password. Below are the steps to use .htpassword:
      • To begin, one needs to be aware of the Apache password utility. Using Apache you need to create a .htpassword file or you can use this tool which is simpler that the above mentioned utility.. This is possible with an online tool too but using command lines to create the file seems more trustworthy.
      • Make sure that the site has the required capabilities for using .htaccess. Then, decide the location of the .htaccess file. Since the location of the file will determine the number of files this method secures.
      • Determine the directory where you will be storing the .htpassword and .htaccess files since they must not be publicly available.
      • Once you create the .htaccess file, store it correctly and create a backup of the file. To enable the .htpassword protection, write the following codes in the .htaccess file:

AuthUserFile /home/auth/.htpassword

AuthType Basic

Require valid-user

ErrorDocument 401 "Authorization required"

      • Now, your admin panel will require an extra couple of credentials to login. Moreover, brute force attacks will not work anymore.

Astra- A Tool for All round Protection

Using command lines are difficult and time consuming. Moreover, as the services develop new methods to safeguard Joomla accounts, hackers devise newer methods to infiltrate them. With such a dynamic group of hackers at work, you need an all round protection. Astra is the weapon which will provide you with complete Joomla admin security and protect your account against the continuous attacks on your Joomla website. The best part being – it’s completely plug-n-play and requires no IT knowledge!

Astra is a tool that protects accounts in Joomla against all types of attacks such as Malware, Bad Bots, XSS, malware, SQLi and 80+ internet threats. It makes sure that your account is secure and unauthorized users are unable to access the accounts. It blocks and records attacks such as brute force attacks on the admin accounts. Astra logs every login attempt which you can see and it sends regular updates to the owner at every hour.

Screenshot showing the login activty
Screenshot of Astra

Unlike other third party plugins and tools that offer only partial protection to the accounts, Astra protects the accounts on all fronts. Be it bots or malware, Astra will secure your website from everything. Moreover, the prompt customer support helps in easily operating the tools. It is easy to use and manage, with a detailed dashboard you can take note of all the activities going related to your account.

Screenshot of the activity log

Screenshot showing the activity details joomla admin security

With Astra you can never go wrong in ensuring Joomla admin security. Thus, the only thing you need to do is to subscribe to one of our plans and sit tight as we secure your website.

Waiting to Get Hacked?

Get security tips & latest vulnerability fixes right in your inbox:

About The Author

Sovandeb

Your usual nerd with an avid interest in everything tech. If not writing then following up on cyber security news and preparing for my next article. If there is something new out there you can bet I will write about it.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Close