Security in Joomla! 3.x • Re: Joomla 3.6.5 site hacked

I'm curious as to why you have missed nine years of updates. Joomla v 3.6.5 was released in December 2016. My first advice is to update the site to 3.10.12 at minimum with a short term goal of migrating to 4.x or 5.x.

You're also running long out-of-date PHP 5.6.....that may be the only 'backdoor' that hackers need.

• 3.x to 4.x Step by Step Migration
• 4.x to 5.x Planning and Upgrade Step by Step.

If you want to remain with 3.10.x for the time being, you will need to subscribe to Extended Long Term Support to obtain ongoing updates until February 2025.

To address the hacking issue, I would advise you to try the Mysites.guru service, and run an audit of your site. The audit should find the issues you're having. Additionally you could seek advice from Phil Taylor who runs mysites.guru (noting this is a paid subscription service). The first site audit is free.

These configuration settings are also inadequate for more recent joomla versions, so address the server issues before anything else.

PHP Configuration :: Version: 5.6.40-68+ubuntu20.04.1+deb.sury.org+1 | PHP API: cgi-fcgi | Session Path Writable: Yes | Display Errors: 0 | Error Reporting: 22527 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Allow url fopen: 1 | Open Base: | Uploads: 1 | Max. Upload Size: 16M | Max. POST Size: 32M | Max. Input Time: 60 | Max. Execution Time: 30 | Memory Limit: 64M

Statistics: Posted by AMurray — Thu Feb 29, 2024 9:52 pm

---