Because failing to take steps to protect your website can allow hackers to damage, deface or take down your website.
The screen-shot below is from a live website run by a commercial organisation selling Joomla! extensions and PHP scripts. The site has been anonymised and the site owner informed about the problem.
Example of a hacked Joomla! website
In this example the hacker has tried to add some page content to the site, by pasting some malicious HTML into the website. The hacker has not understood how Joomla! works, so in this example the website is displaying the raw HTML rather than the payload that was intended for the hacked website.
The fact that the website has been hacked is a serious issue for the site owners:
- What if the hacker has left behind malicious scripts (e.g. back-doors or Trojans)?
- Could any of the commercial products on the site have been tampered with?
- Has the website’s database been compromised and if so are the site’s customers now going to receive a stream of SPAM emails?
- What damage has the attack done to the reputation and operation of the business?
- How long will it take to clean up and restore the site to a safe, unhacked state?
Finally a significant issue which needs to be addressed as a priority – how was the Joomla! website’s security breached and what steps can be taken to prevent it happening again?
In our posts to date we have examined some simple steps you can take to improve the security of your website. In future posts we will examine further steps you can take, both to improve security and to enable fast restoration of a website if it has been compromised.
