CMS-Specific help

Back

CMS-Specific help

WordPress has an FAQ in serveral languages: “My site was hacked!” that has many tips and links.

• Ensure that the most current secure release of WordPress is being used.

Joomla has a Security Checklist, and specifies what to do if a site using their CMS has been hacked or defaced.

• Ensure that the latest release of Joomla is being used.

Drupal has an extensive security page, which has a link to their latest information on how to secure a Drupal installation.

• Ensure that the most current Drupal version is being used.

If TYPO3 is being used, ensure that the most current version of it is being used.

Spamhaus systems detect many StealRat remote access trojan (RAT) infections on CMS systems.

• XBL/CBL is also detecting and listing IP addresses with StealRat infections.
  • The CBL website offers assistance to help find the problem, fix it, and then prevent it from happening again.
• CBL also mentions the “ebury SSH rootkit”, a sophisticated Linux backdoor. It is built to steal OpenSSH credentials and maintain access to a compromised server. Suggested reading regarding ebury:
  • The German CERT’s ebury FAQ;
  • Welivesecurity offers an in-depth analysis of Linux/Ebury.
  • You can check your website’s IP here.

Back