Miss Kagura
Domestic Kitty
| Posts: 25 |   |
|
1. Remove all the "Powered by Ewriting" footers from your website!!!
The easiest way for hackers to find Ewriting-enabled sites is to google "Powered by Ewriting." This is a violation of the license, but it's also an identifier used by hackers to locate vulnerable sites. A hacker tried to hit my sandbox site and the referring page was a google search for "Powered by Ewriting." In fact, until a fix is put into the code, anyone who doesn't have JDefender or some other method of protection should probably ask to have the 'Sites Using Ewiting' section temporarily removed.
2. Buy JDefender (http://joomlaequipment.com/content/
view/2/5/), which not only helps to protect against injection attacks, but it can stop one in progress and block the person trying to do it. JDefender saved my sandbox site. There was no damage to it, and I even got an email alerting me to the problem.
3. Start a reliable backup system. If Ewriting is the only component you have that writes to the files system, you don't have to backup your entire system. One copy of your public_html folder will remain generally unchanged with the exception of the stories file. Backup the stories file and the database frequently.
|
|
The administrator has disabled public write access. |
