TOPIC: Site Hacked 3 - help with cleanup

Site Hacked 3 - help with cleanup 9 months 2 weeks ago #52978

Hi all
  • Please see the list below of where I am at. Can you think of any other steps I need to take to secure my site? What is meant by "scripts" up to date?
  • I entered my url at this site for a check: sitecheck.sucuri.net/scanner/
    and result was that site is clean. What do you think of this free scanner? Are there other sites that can check your url?
  • I want to block IP addresses from entire countries where I think these attacks came from before I put site back online. How can I block an entire country?
  • I wanted to be sure to be free of problems so I restored database to oldest on file with host which was about a month ago... problem is that I have been doing a lot of site work for my new 2.5 site...and now that I see what work I have lost, I have serious "rollback remorse". I saved copies of this 2.5 database before the restore. Is there a way to check this database for malicious content? I would really be happy if I could confirm the database is safe and then restore it and all of my lost work.

Thanks
Scott
  • Deleted Public_html contents and did vault restore
  • Requested all three databases be restored - completed by Host
  • Re-edited all three config.php files to reflect the new database users and passwords - now have front and back end access
  • Also all three sites have joomla usernames and passwords changed and all extra users have been deleted.
  • All three sites have file folder permissions 755, file permissions 644, and now Config.php has been changed from 444!! to 640.
  • Cpanel new password
  • Reset joomla logins and pass for all 3 sites
  • All three sites currently offline
  • Reset all email passwords and checked all working
  • FTP account password changed - need help with FileZilla!
  • Rechecked - Archive logging is turned on in cPanel
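
Added example (not part of Scott's post or of OSTraining's material): a POSIX shell check that walks a web root and lists anything whose mode differs from the scheme in the list above (folders 755, files 644, config file 640). The function name `audit_perms`, the demo tree and the default file name `config.php` (as written in the post; Joomla's own file is `configuration.php`, pass it as the second argument) are assumptions.

```shell
#!/bin/sh
# audit_perms ROOT [CONFIG_NAME]
# Lists every path under ROOT whose mode differs from the scheme in the post:
# directories 755, files 644, the config file 640.
# Prints one finding per line and returns 1 if anything differs, 0 otherwise.
audit_perms() {
    root=$1
    cfg=${2:-config.php}   # name as written in the post (assumption)
    findings=$(
        # Directories must be exactly 755 (777 upload folders show up here).
        find "$root" -type d ! -perm 755 \
            -exec printf 'dir-not-755 %s\n' {} +
        # Ordinary files must be exactly 644.
        find "$root" -type f ! -name "$cfg" ! -perm 644 \
            -exec printf 'file-not-644 %s\n' {} +
        # The config file holds the database password, so it must be exactly
        # 640; world-readable modes such as 444 are flagged.
        find "$root" -type f -name "$cfg" ! -perm 640 \
            -exec printf 'config-not-640 %s\n' {} +
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo tree (not from the thread): a config file left at 444
# and one world-writable images folder.
demo=$(mktemp -d)
mkdir -p "$demo/site/images"
: > "$demo/site/index.php"
: > "$demo/site/config.php"
chmod 755 "$demo" "$demo/site"
chmod 777 "$demo/site/images"
chmod 644 "$demo/site/index.php"
chmod 444 "$demo/site/config.php"
audit_perms "$demo" || echo "audit: modes above differ from 755/644/640"
rm -rf "$demo"
```

Run it against each restored site root before putting the sites back online, and again after installing extensions, since installers can reset modes.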

Site Hacked 3 - help with cleanup 9 months 2 weeks ago #52982

  • jmc
Hi
Gosh, you have made great progress, well done.
I would recommend Akeeba Admin Tools Pro to block IP addresses and countries; it will also inform you if anybody tries to log in via the administration panel.
Tutorials on FileZilla - have a look at YouTube www.youtube.com/results?search_query=fil....0...1ac.b5kJhOq1l3c
With regard to the old database, if it is just text that you want to retrieve you could just open it. Is it a big database?
Mark

Site Hacked 3 - help with cleanup 9 months 2 weeks ago #52992

Thanks Mark

I will check out Akeeba Pro and filezilla video.

Database is my 2.5 site under development. On cPanel database file size is only 6MB as I really haven't started adding much content, but I would sure like to get back all of my work from the past 3 weeks if there is no risk of dangerous stuff from hackers.

I see on cPanel where it is easy to add individual ip addresses to blocked list, what I need to know is how to add an entire country to this list... Is there a list of country codes and a tutorial on how the IP address is made up?

Scott

Site Hacked 3 - help with cleanup 9 months 2 weeks ago #52994

  • tessa
Hi Scott,

Check out this extension to block country IP's:
extensions.joomla.org/extensions/access-...ess/ip-blocking/2615

Here is a list of extensions for IP blocking:
extensions.joomla.org/extensions/access-...e-access/ip-blocking
Warm Regards,

Tessa Mero




Site Hacked 3 - help with cleanup 9 months 2 weeks ago #53000

Thanks tessa will check them out
Scott

Site Hacked 3 - help with cleanup 9 months 2 weeks ago #53013

  • tessa
You are welcome Scott. :-)
Warm Regards,

Tessa Mero




Site Hacked 3 - help with cleanup 9 months 2 weeks ago #53025

  • jmc
With Akeeba you can block by country or continent!
Regards
Mark

Site Hacked 3 - help with cleanup 9 months 2 weeks ago #53027

  • jmc
Hi
I am not sure that anybody has mentioned this yet but OS Training does have a fantastic range of tutorials on this topic even showing you how to set up Akeeba Admin Pro.
www.ostraining.com/courses/class/joomla-25/security/view/
I did start to answer your other questions on security but decided that replies from Nick, Ed and Tessa would carry more gravitas!
Regards
Mark

Site Hacked 3 - help with cleanup 9 months 2 weeks ago #53043

Not so, Mark! I find your posts very useful.

I upgraded my Admin Tools to Pro on your advice and am reading the tutorial as we speak... I am reading, however, that it may not do much to block IPs (unless I can be sure they were related to the attack), and ATPro says blocking whole countries for security doesn't work... (but could be very useful for my estore)

So rather than get paranoid over IP addresses at this time, I think it a better use of my time to read the manual and activate all tools in Admin Tools. Shame on me, as I had the free version installed but hadn't set it up.

Regards

Scott

PS. Also solved my FileZilla problem from one of your other posts.
PPS. Will also be checking out the security class posts as well... It has been on my list for some time, thanks again.

Site Hacked 3 - help with cleanup 9 months 2 weeks ago #53048

  • edandrea
Glad you're getting that worked out, Scott.

And Mark, don't be so humble. Your suggestions are usually right on the money. We only jump in because we are trying to keep the answers flowing and get them closed as soon as possible. Don't sell yourself short!

Cheers to both of you,
Ed

PS. If you really want to block IP's read our review on Incapsula. There are other services that do the same, but it might give you some ideas. The basic service is free and will help you a lot.

www.ostraining.com/blog/general/incapsula/

Site Hacked 3 - help with cleanup 9 months 2 weeks ago #53076

hi Ed,
I just signed up for free incapsula account. Easy! I successfully made DNS changes and from pic you can see it is enabled. Just logged into front and back end.

Any idea where I can make this change to redirect my mail? I can't find this in cPanel:
You have mail records pointing to salamastra.com.
Point mail records directly to xx.xxx.xx.xx. Currently these records point to salamastra.com which will now point to Incapsula. Incapsula does not handle mail or ftp traffic.
Can't find a tutorial about this on their site

Also, will I need to add my 2.5 dev site in the subfolder, or is it already protected now?

Thanks
scott

Site Hacked 3 - help with cleanup 9 months 2 weeks ago #53082

  • edandrea
It should be protected now.

Incapsula should answer your question if you can submit a ticket. I had the same problem when I tested it but it's been a while and I don't remember exactly how to do it.

Sorry. If I can find the answer in my old emails I'll put it up here, but I might have deleted it. You have to change the actual DNS zone record to point from wherever it is now to the IP address. I had some trouble with it originally because cPanel didn't want to remember the changes. I had to do it several times.

Ed

Site Hacked 3 - help with cleanup 9 months 2 weeks ago #53084

thanks ed
I submitted a ticket

Scott

Site Hacked 3 - help with cleanup 9 months 2 weeks ago #53086

  • jmc
Hi
Did not mean to come across as "needy" just wanted you to get the best advice.
Features of Akeeba Pro are "Geographic Blocking: prevent access to your site by specific countries or continents and IP black-listing: prevent access to your site by specific IP addresses or blocks of IP addresses"
I installed it after viewing the tutorials I mentioned. After 2 days I noticed that somebody from Russia had made 56 attempts to log in to a site - in each case they had used "admin" as the username and passwords from the list of the most common. I used the feature to block geographically and have had no problems since. The video tutorials include a section on setting up the software.
Regards
Mark

Site Hacked 3 - help with cleanup 9 months 2 weeks ago #53098

Maybe RSFirewall would do you some good? I use it and it protects your site extremely well. Within that component you can also set ACL permissions on who can enter a component (handy if you have components which don't include the ACL option but you don't want to give access).

Site Hacked 3 - help with cleanup 9 months 2 weeks ago #53137

Thanks again Mark - I definitely will follow the tutorials this time to be sure I set up admin tools correctly.

Thanks AV for your suggestion - I will also check out RSFirewall as well.

Regards
Scott

Site Hacked 3 - help with cleanup 9 months 2 weeks ago #53181

  • edandrea
Cheers, guys. I'm closing this one for now. If you have more questions, Scott, start a new thread.

Ed

Copyright 2013 Open Source Training, LLC. All rights reserved.