ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Website under attack ... help needed

<< < (4/4)

Carol Haynes:
Thanks everyone - the common thread to the sites that have been affected seem to be out of date Joomla installations. I don't as a matter of course update Joomla websites for clients when they won't pay for support so some are still on Joomla version 1.5, and some have to by necessity because they use extensions not available for 1.6 onwards.

Having updated the affected sites to 1.5.26 (the final version in the 1.5 lifecycle) and replaced the .htaccess on each site everything now seems to be back to normal.

I have a lot more accounts running other stuff and none of those seem to have been infected so it looks like a Jommla 1.5.22 and earlier vulnerability that has been exploited.

I am going to start migrating websites to Joomla 2.5 as soon as possible!

In the meantime I will download each site to my hard disk and scan against a factory install of Joomla 1.5.22 to look for differences.

What a PITA, but thanks everyone for so many suggestions and quick help last night - esp. Josh who worked through a lot of stuff with me via IM.

Dormouse:
Thanks everyone - the common thread to the sites that have been affected seem to be out of date Joomla installations. I don't as a matter of course update Joomla websites for clients when they won't pay for support
-Carol Haynes (February 12, 2013, 04:11 AM)
--- End quote ---

I don't know what more you could be expected to do, so long as they are aware of the risk they take by not having their sites regularly updated by you. I'm not sure if you could offer an update service fee that would be lower than your support fee.

wraith808:
Thanks everyone - the common thread to the sites that have been affected seem to be out of date Joomla installations. I don't as a matter of course update Joomla websites for clients when they won't pay for support
-Carol Haynes (February 12, 2013, 04:11 AM)
--- End quote ---

I don't know what more you could be expected to do, so long as they are aware of the risk they take by not having their sites regularly updated by you. I'm not sure if you could offer an update service fee that would be lower than your support fee.
-Dormouse (February 12, 2013, 07:39 AM)
--- End quote ---

This.  And perhaps a retainer so that when updates come around, it's not as large an expense.  I have a client that does this- pays me monthly a smaller amount, and when I have to do things, I take it out of that.

Navigation

[0] Message Index

[*] Previous page

Go to full version