Like so many others, I learned the hard way. And even though I can now look back on the irritation, frustration and work with recovery from the first attack with a wry smile on my face - it is always on my mind in my work on the Web.
I'm like most Norwegians, a bit blue eyed and I believe the best about everyone I am in contact with. It came as a second shock to me when a buddy of mine called one Saturday morning in September 2009 and asked, slightly humorous if I had "... changed my position in life and would tell it to the world via my website?"
Well, it was at it again, my website had been taken over by some angry Liberation Fighter or something. Only this time I had both my own backup and my ISPs, which had been changed since the last attack, also had a backup solution.
The site was up and running again after a few minutes and clicks.
I'm not a security expert and have always looked at myself in a Joomla-context as an "Extension-Junkie", therefore I had searched, found and tried several of the components and modules I found in the Joomla! Extensions Directory under the category Access & Security
While we are on the subject; Joomla! Extensions Developers and Joomla!Developer Clubs - Thank you all, for the superb work people do, with great, useful and interesting extensions for all sorts of purposes.
Back to the case again. Thanks to my search I had found a great solution for both backing up and securing my site just by seaching, downloading and installing components and plugins from what i had found in the Joomla! Extensions Directory. I am not saying that my site was "up to the teeth" secured, and as we all know; You can't be a 100% secured - but you can do your best.
I have come to a good conclusion, I think - and always goes to work with three(3) rules always in the back of my head:
Click the SAVE-button 10 times too often - than the 1 time too rare. Remember also the idle/time-out on your Joomla!-installations, don't expand it if it's not really necessary. Some editors have the tendency to see article-editing as idle-time... I have worked out the nice habit of pressing CTRL+A followed by CTRL+C, before I press SAVE in the editor, just in case my login is timed out. Then I'm sure that I haven't worked for nothing, and can CTRL+V and paste it back in.
Make sure you UPDATE your Joomla! website, as soon as you see alerts about it. The Joomla! 2.5 System will automatically give you the message when logging in to the back-end administration.
Make sure to BACKUP your site, as mentioned earlier in the article - there is plenty of good Components and Plugins from Access & Security, in the Joomla! Extensions Directory. And some of them also have recovery features that workes just very nice. At least - make sure that your ISP has some kind of backup. If you pick or have the right ISP, they will cover both the support and competence to help you - if you will need it.
So think and do the S U B as the ground pillar when you work with Joomla!
SAVE, UPDATE and BACK-UP
We are all exposed to the risk of getting our websites hacked, even if you make sure to be updated and secured in several areas. But once the damage is done, the path can be short and not so frustrating – if you have a backup.
I'm sure that some will be tired of my nagging about this, well i just want all to avoid going in into this trap. In the last couple of years I've seen too many ignoring theese important things, not just in website and Joomla! context but in users bad habits in handling computers and their documents, pictures and data as well. I'm pretty sure that in some time again, you will stumble upon another article about this.