Two weeks ago, a handful of sites (6) were impacted by a redirect from their homepage. This is the second time in two years that such a "hack" has taken place. Both incidents of attacks originated overseas by a politically motivated hacker group that targets the websites of Jewish institutions in the United States. In this case, it was only a redirect. No database or user information or other data was accessed. In response, we immediately notified our hosting company, and they were able to find the cause and remove the offending code.
Deflecting attacks is a regular course of business for all websites, and our servers routinely protect our sites against thousands of attempts by automated malicious processes daily. As has been reported in the media lately, internet security risks are universal and protecting sites from attacks is a big business.
If you would like to add some additional security settings to your site, you have access to the RSFirewall! component in the administrator control panel. A firewall is a system designed to prevent unauthorized access to or from a private network. RSFirewall! actively protects your Joomla! website from intrusions and hacker attacks. For more information on the features of RSFirewall! and how they work, please review this tutorial.
Over the next two weeks, I will be updating the RSFirewall! software on every site. I will also be adding a new plugin that will allow you to block all IP addresses that appear to be coming from a specific country. An IP address is a numerical label assigned to each computer, therefore if you block an IP address, you block one's access. Once installed, this component can be accessed from Components > RSFirewall! > Configuration > Country Blocking. You should then see a country checkbox list where you can allow/disallow access. Since the two previous attacks against URJ websites originated overseas, we highly recommend that access to sites are restricted to North America only.
Attacks can come in many forms. When loading your site in a browser, it may not be there, or it redirects you to a different page, or suddenly your site is full of advertisements. You may notice new usernames or multiple attempts from the same IP address to access the admin. If it's the former, you may want to lockdown your site . This will prevent any new installations or the creation of other users with admin rights. However, this will make it riskier for you to login if you forget your password since you could also get blocked out if you attempt it incorrectly too many times. We would need to reset your access in that case.
In any case, if you do notice your site has been hacked, please don't panic. Notify us, or we will notify you. Either way, all congregations affected will be notified in a quick and timely manner upon resolution.
Thank you for your attention to this important matter.
Congregational Websites Manager