The “GoDaddy Joomla Hack” – How to Fix

GoDaddy, although one of the largest hosting companies out there, has a not-so-good reputation when it comes to security. In fact, many of the Joomla websites that we fix are hosted on GoDaddy. So why is that? Well, we think that there are three major reasons why Joomla websites hosted on GoDaddy get hacked more […]

Can an SSL Certificate Protect My Joomla Website from Hacks?

We just had an interesting conversation over the phone with a Joomla website administrator. The conversation went like this: – “Hi. My name is [customer name] and I work at [company name] and I’m calling you because I heard that you are experts in Joomla security.” – “That is true”, we said, “How can we […]

Your Joomla Website Is Really Really Slow? Maybe It’s Hacked!

A new customer called us a few hours ago, and told us that his website was really slow. He told us that his website was hacked, and that his hosting company “fixed” the problem, but after they “fixed” the problem, his website became super slow. We thought that it might be a simple thing as […]

Database Hacks on Joomla – The Worst Kind of Hacks

A new client called us today and told us that his website was hacked, and asked us to fix it. The moment we hung up the phone with him, we started working on it immediately (we treat such tasks as urgent). We did our regular check on its filesystem, and we didn’t discover anything! (even […]

“Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0” Error in Joomla

We’re currently having an increasing number of clients emailing us that they’re seeing the following error (repeated twice) on their homepage: Warning: Unknown: failed to open stream: Permission denied in Unknown on line 0 The homepage doesn’t display anything else, just this message (again, the message is usually displayed twice). So, what is the cause […]

What To Do When Your Joomla Website Is Flagged As Malware by Google

Often these days, clients call us after we unhack their Joomla website and tell us that it’s still hacked! So we examine their website and discover that the website is clean. We communicate to them our results, and they get back to us shortly and they say that when they go to their website on […]

How to Quickly Fix a Hacked Joomla Website

Note: This post is very advanced and is targeted at programmers. If you’re not a programmer, you can ask us to do the below for you. As of May of last year, we are often getting several hacked Joomla websites a day to clean. In this post, we are going to share with our readers/clients […]

Why You Should Use DSO for Joomla Websites

We have discussed suPHP in a previous post, and explained why it should be avoided on Joomla websites because Apache must have full permissions on all files pertaining to Joomla (including core files), leading to major security issues in case there’s a tiny loophole in the Joomla instance. In that post, we stated that you […]

Why suPHP Is Insecure for a Joomla Website

Most of the Joomla websites use suPHP, and yet most of the Joomla websites (with vulnerabilities, e.g. those with version less than the current one, or those that have vulnerable extensions installed) are getting hacked. Is that a coincidence? We think not, and we’ll explain why. What is suPHP anyway? suPHP is a tool that […]

Beware the Images Folder in Joomla

The images directory is considered to be a harmless directory – after all, what can it contain other than images and other downloadable content? In our experience, the images directory is not as innocent as it seems, in fact, it is, in our opinion, one of the most dangerous directories that can wreak havoc on […]

Are All Your Joomla PHP Files Hacked?

We spent the past weekend working (yes, we work on weekends at itoctopus – in fact, we work all the time!) on two websites (each belonged to a high profile company in the US – one of them had 170,000 pages and the other had over a million pages indexed with Google). Both of these […]

Is Joomla 1.5.26 Still Secure?

Up until recently, we were recommending our clients to keep using Joomla 1.5.26 until the end of the year, but we no longer recommend this. In fact, we are urging all our clients to migrate as soon as possible from Joomla 1.5.26 to Joomla 2.5.6 (or the latest version of Joomla, whatever it is). So, […]

On Storing Backups of Your Joomla Website in the Wrong Place

2 out of 3 times when we fix a hacked Joomla website, we discover that a backup of that Joomla website is either located in the root directory of the website, or worse, under a backup folder, which is, in its turn, located under the root directory. Some websites make it very easy for the […]

.htaccess File Being Rewritten Every 30 Minutes on Joomla

We have worked with weird Joomla problems before, but this problem took the concept of weirdness to a whole new level! Here’s what was happening: The .htaccess file is hacked (hacking the .htaccess file is common and is easily remediable) and is redirecting traffic to the website when using Google Chrome to google.com, while traffic […]

How to Disable Directory Listing in Joomla?

A major vulnerability on any website – and not just Joomla websites – is to have directory listing enabled. Directory listing is a default feature in Apache and IIS (the two most common web servers used for Joomla websites) that will allow anyone to view the list of files in a certain directory if the […]

Google Indexes Different Content on Your Joomla Website

In our job, we get a new odd and exciting problem to fix nearly every day, and that’s what keeps us motivated! Today was no different, as a new client told us that his Joomla website was hacked, but only for Google! So we asked him how such a thing could be possible, and he told […]

How to Prevent SQL Injection in Joomla

SQL Injection is the most dangerous hacking technique out there. With SQL injection, a malicious attacker can drop a table or even a whole database in a few seconds and with a very simple command through your website. In this day and age, it is unacceptable for any website to have a SQL injection […]

Cross Site Scripting in Joomla

In our post about Acunetix and Joomla, we briefly mentioned the topic of Cross Site Scripting (XSS) in Joomla. In this post, we will discuss it in detail. Let us first explain what Cross Site Scripting is, and then we will discuss how it can affect your Joomla website, and finally we will tell you […]

What Will Happen When Your Joomla Website Is Hacked

In previous posts, we have discussed how you know if your Joomla website is hacked and what to do when you discover that it’s hacked. Right now, we want to discuss what will happen to your Joomla website when it’s hacked. According to our experience on the subject, here’s what will happen when your Joomla […]

What To Do When Your Joomla Website Is Hacked?

In the unfortunate event where you know that your Joomla website is hacked, you need to follow the below steps: Remain calm: Your website is hacked – period. There’s nothing that you can do to change this fact, and most of the harm is already done. Why panic? In addition, most website owners/managers experience the […]

10 Security Tips for Your Joomla Website

Our article, 10 reasons why your Joomla website got hacked, was well received by our readers (clients and visitors alike). In this post, we want to list the top 10 security tips to protect your Joomla website. Always keep your Joomla website up-to-date with the latest version of Joomla: Every Joomla update addresses security issues […]

Acunetix and Joomla

Most of our jobs dealing with securing a Joomla website by removing all potential security threats have to deal with Acunetix. Usually, our customers come to us with either an Acunetix report or ask us to run an Acunetix scan on their Joomla website. Typically, here are the couple of critical vulnerabilities that we find: […]

How to Block an IP Address on Your Joomla Website?

Sometimes, you feel that you are obliged to block a certain IP from accessing your Joomla website. Reasons may include: The IP is hacking your website. The IP is scraping content from your website. The IP is attacking your website with a lot of requests. The IP is continuously spamming your website. The IP is […]

10 Reasons Why Your Joomla Website Got Hacked

At least 3 times every week, a customer comes to us with a hacked Joomla website. Usually, the Joomla website is either filled with hidden malicious content, redirected to another website with malicious content, has all its data erased, or simply does not show up. Here are, according to […]

Why We Are the Joomla Security Experts

Website security has always been a hot topic, and now it’s even a hotter topic as security standards, such as PCI-DSS, are becoming required by credit card companies as well as internal security auditors (especially in schools, universities, and other websites). As a result, we are currently experiencing a surge in projects consisting of securing […]