
Managing Security: Trumping the Hacker

A new CloudAccess.net platform security feature giving clients the ability to manage and secure any version of Joomla

It’s an age-old tale of good versus evil: you build an awesome Joomla site in the current version, time goes by, the version becomes outdated, you don’t upgrade and at some point a smart hacker finds a way to break into your older Joomla site. You’ve heard the story a hundred times.

The initial knee-jerk reaction is to panic, curse the heavens and ask “how could this have happened?” The answer, from our perspective, is all too common. What we see is that 99% of the time, a hacker takes over a site by injecting something into your database, like spam or some other unwanted content. They are able to do this because your code has a flaw, and it has a flaw because you are running a version of Joomla that has reached its end of life.

Another possibility is that someone has stolen the FTP details or login information for your Joomla application and has manually uploaded files to your hosting directory, overwriting the files that render the site. Or, if they log into your Joomla Administration area, they can do all kinds of things with the editor or with automated scripting.

The second reaction is to blame someone and, unfortunately, a lot of people blame Joomla right off the bat. In actuality, however, it’s not Joomla’s fault. In our experience, one of two things probably occurred: 1) The person who built the site installed a third-party extension, the extension was never updated as time passed, a hacker found a hole, and jacked up the site. This is just like a local Windows computer: if you don’t update the software, people can put a virus on your computer. 2) Someone got hold of your login credentials and jacked up the site via FTP or through the Joomla Admin. This is just like a local Windows computer: if you don’t update the software, you’re vulnerable to viruses.

Our network is 99% self-managed, which means that the customer maintains any extra software they install in Joomla. Our clients are responsible for updating any third-party extension they’ve installed. Many times, they or their developer installed something and they’re not even aware they have to update it. Before they know it, someone from the hacker nation has found and exploited the old code and -- wham, bam, boom -- you’ve got shady messages and Viagra advertisements all over your once pristine web property.

This complicated world of hacking and dealing with updating your site is enough to give anyone a headache. At CloudAccess.net we’re very good at cleaning up hacked sites and finding the issues behind them - we host tens of thousands of Joomla applications on our network, many of them using older versions of Joomla. Unfortunately, we’ve seen a rise in hacked sites. We clean them up individually and help our clients get their property back, but we’ve also created a solution to help prevent hacks from occurring.

To curb this battle, we’ve added a powerful new feature. In short, you can now “lock” your database tables and put them in a “read only” mode. We allow you to select which tables you’d like “locked” in “read only” mode and which tables you’d like left open so your application can write to them. We’ve also given you the ability to lock down the Joomla site files. If locked, no one will be able to upload anything to your server using FTP. You can manage all of this through the new “Security” tab found in your Cloud Control Panel.


Why Managing Security might be for you

Because you can secure old Joomla sites in seconds instead of upgrading to a newer version. Imagine using Joomla 1.5 for years and years without worry. Many website owners never update their version of Joomla and they use the site for marketing purposes only. With the Managing Security solution you can lock down the site, never update the extensions or core software and continue to do business as you always have, eliminating the risk of being hacked.

Why will our new Security Tab help you?

  • It will stop hackers from uploading and writing to your files
  • It will stop hackers from doing MySQL injections into specific database tables or all tables
  • It will stop FTP/SFTP style hacks (hackers who steal FTP/SFTP details)
  • You can take a step towards achieving PCI/HIPAA compliance
  • You can lock an older version of Joomla

How does it work?

We are using the fourth extended (ext4) filesystem. We use the immutable (i) flag to set a “read only” mode on files and directories. A file with the ‘i’ attribute cannot be modified -- it cannot be deleted or renamed, no link can be created to the file and no data can be written to the file. Only the site’s Super User or a process with the CAP_LINUX_IMMUTABLE capability can set or clear this attribute.
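One way to check that such a lock really covers the whole site, as an added example (not CloudAccess.net's code): the script below lists every file or directory that is missing the immutable flag. It relies on the standard `lsattr` tool from e2fsprogs; the `/var/www/site` paths and the sample listing are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find entries in a "locked" web root that are NOT immutable.

# Filter: reads lsattr output ("<flags> <path>") on stdin and prints the path
# of every entry whose flag field lacks lowercase 'i' (immutable).
# Uppercase 'I' is a different ext4 flag (indexed directory) and is ignored.
unlocked_entries() {
    awk '
        $1 !~ /^[-A-Za-z]+$/ { next }   # skip blanks and "dir:" headers from lsattr -R
        {
            path = $0
            sub(/^[^ ]+ +/, "", path)   # drop the flag field, keep spaces in names
            if (index($1, "i") == 0) print path
        }'
}

# Walk a real directory. find is used instead of `lsattr -R` so dotfiles such
# as .htaccess are included and symlinks (which carry no flags) are skipped.
audit_webroot() {
    find "$1" -xdev \( -type f -o -type d \) -exec lsattr -d {} + 2>/dev/null |
        unlocked_entries
}

# Constructed sample listing (hypothetical paths), so the filter runs offline.
sample_lsattr() {
    cat <<'EOF'
----i---------e------- /var/www/site
----i---------e------- /var/www/site/index.php
----i---------e------- /var/www/site/.htaccess
----------I---e------- /var/www/site/cache

/var/www/site/cache:
--------------e------- /var/www/site/cache/page 1.html
EOF
}

if [ "$#" -gt 0 ]; then
    audit_webroot "$1"               # audit the directory given as argument
else
    sample_lsattr | unlocked_entries # demo on the constructed listing
fi
```

An empty result means every file and directory under the root carries the flag; any path printed is not protected by it.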

What happens when it’s turned on?

  • No one can modify existing files
  • No one can add or delete anything from the directory
  • No one can write to site files using FTP or SFTP
  • SSH and FTP are turned off automatically
  • No one can edit any files using the Joomla Editor or Joomla User Interface

This will stop hackers in their tracks. Only the site’s Super User or one of our Server Administrators will be able to unlock the site. Be careful when you use this feature. If you have any extensions that are critical to your site’s functionality, you may cause a portion of the site to become unresponsive or the entire site may go down. You can always submit a support ticket and call us to see if this new security feature is right for you.
