Joomla hack for non 1.5.9 users

“I have some good and some bad news: the good news is that I got the URL of your website, the bad news is that your website has been hacked.” These are the words of a client I had given my biz card.

Joomla versions lower than 1.5.9 are on the verge of attack: the hackers are aiming at token faking.

A fault in the reset token validation mechanism allows for non-validating tokens to be faked. This will allow an unauthenticated and/or unauthorized user to reset the password of the first enabled user. The reset mainly happens when the default username (admin) is in use, so changing the username MAY diminish the possibility of a hack; just ensure that the admin account is indeed disabled, or change its username (not warranted to work). However, the sure way to ensure that you are safe is to upgrade to 1.5.9 or patch the com_user component, somewhere here: /components/com_user/models/reset.php
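A simplified model of the flaw described above, added here as an illustration; it is not Joomla's code or the actual patch to reset.php. The in-memory user table, the function names and the token values are constructed, and the model assumes that accounts with no pending reset store an empty token.

```php
<?php
// Added illustration, not Joomla's code. Constructed user table: accounts with
// no pending reset hold an empty token (an assumption made for this model).
$users = [
    ['id' => 1, 'username' => 'admin',  'block' => 0, 'token' => ''],
    ['id' => 2, 'username' => 'editor', 'block' => 0,
     'token' => '5f4dcc3b5aa765d61d8327deb882cf99'], // constructed 32-hex value
];

// Weak check: looks the token up without first validating its shape.
function confirm_reset_weak(array $users, $token) {
    foreach ($users as $u) {
        if ($u['block'] == 0 && $u['token'] == $token) {
            return $u['id']; // first enabled user whose stored token matches
        }
    }
    return false;
}

// Hardened check: reject anything that is not a well-formed token before the
// lookup, never match an empty stored token, and compare in constant time.
function confirm_reset_hardened(array $users, $token) {
    if (!is_string($token) || strlen($token) !== 32 || !ctype_xdigit($token)) {
        return false;
    }
    foreach ($users as $u) {
        if ($u['block'] == 0 && $u['token'] !== ''
            && hash_equals($u['token'], $token)) {
            return $u['id'];
        }
    }
    return false;
}

// A token that validates against nothing (here: empty) versus a genuine one.
foreach (['', '5f4dcc3b5aa765d61d8327deb882cf99'] as $t) {
    printf("token=%-34s weak=%s hardened=%s\n",
        var_export($t, true),
        var_export(confirm_reset_weak($users, $t), true),
        var_export(confirm_reset_hardened($users, $t), true));
}
```

In this model the weak check hands back the first enabled account for a token that was never issued, while the hardened check accepts only the token that was actually stored for a pending reset.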

The hacker will aim at defacing one of three parts of the site, depending on his expertise.

  1. The index.php in the root directory (this is a naïve hacker, or so I think). Just copy any working Joomla index.php file over it and you are good to go.
  2. The other is defacing the template in use. For this you will need to uninstall the template and install a fresh copy of it.
  3. The worst is if he deletes the entire website (this is your hater; hackers are quite mild, talk of a paradox).

One big lesson is that you have to back up your website: once for the folders and once for the database.

Hope I helped.


