In the last few months, I’ve been called upon several times to recover web sites from hacker damage.   Two were WordPress sites , and one was a Joomla site that was repeatedly hacked.  Some hacks are pretty funny — some teenager strutting his testosterone by replacing your front page with some piece of insulting ascii art (think pirate logos and elf backsides).  Others forward your visitors to Chinese movie sites and sites unknown around the world.  The most malicious hacks attempt to download viruses and trojans to your computer through your browser.

The common theme seems to be that somebody had come in and used the self-registration feature, or had found a backdoor (because the site was running an old version of its CMS code) to register themselves by force.  Then they could tamper with the plugins’ code from the inside, or with the CMS code itself.

But really, the fix is pretty much the same.  I’ve found the quickest most straightforward way to recover your site is to bulk-replace all the CMS code (WordPress, Joomla, Drupal, Mambo, something proprietary) with a fresh copy of the most recent version, and then check your .htaccess file.  I prefer to do it from the outside, that is, using FTP to just overwrite it all, because if a site has been hacked, I don’t trust that the internal update links from within the CMS itself will completely wipe out the problem.  Once you know you have clean CMS code, go through and install all clean code for all your plugins / extensions.  Just deactivate and delete them, then reinstall and reactivate them, one after the other.   Finally, check all your registered users.  If you’re supposed to be the only one, you can shout “Bang you’re dead!” as you hit that delete button.  If you have to sift through multiple legitimate users, you’ll have to use your judgment as to who belongs there and who doesn’t.   Particularly suspicious to me are people from far flung countries you never expected would care a whit about the subject matter of your site.  But alas, I run a legitimate Russian music site, so that Russian subscribers/members from Russia is not that much of a surprise to me.

With this fresh replacement of all your code, including your .htaccess text file, and the weeding out of your users, the odds are pretty good you’ve taken care of the problem.  The only possibility left would be your mysql database.  Yes, that could be corrupt, but judging from my own experience, less likely.  The only way to be sure is to plan ahead of time.  There are plugins and extensions available you can install in your site which you can use to schedule regular backups of your database.  If you post often, you probably want a daily backup.  If you post less frequent updates, you could get by with weekly backups.  But as long as you have that running on autopilot, you can be sure of having a clean copy of your database to restore, and thus stand to lose a minimum of work.

Hope this helps!

 
I have a customer who is just not happy with her WordPress web site. While the template customization turned out even more beautiful than I expected, and the wiz-bang plugins it’s running turn it all to magic, it is just not presenting her large inventory of products the way she envisioned. Not only that, but several of her competitors are obviously not using WordPress, but some storefront type of software, (although it’s not always possible to tell exactly what). So she is expecting her customers will be more in tune with more catalog-type, less bloggy type, web sites. We had given WordPress a valiant go on this site, but it just didn’t fit. osCommerce is now installed and running, and all she needs to do is upload her catalog of products and start managing her store.

So now, I am very excited to be adding osCommerce to the list of offerings through at Sun Web Studio. osCommerce is very nice storefront catalog & shopping cart software, with a great many features for just getting down to business, attractively presenting many categories of products, and automatically calculating shipping rates and sales tax. It also has the built in ability to keep accounts records, run specials, and especially nice is the ability to stay in touch with customers via email newsletters. This is so very important to your online business succeeding and thriving.

Yes, it enables us to change and customize templates, too. Your web site will be beautiful!

Wow, I feel like my head is going to explode! I am working on a very big project, automating the connection between buyers and sellers in a large but well defined particular niche, and it’s not just a sole proprietor kind of operation. This needs extensive interaction with both customer bases, big advertisers, and extensive data tracking.

I had at first proposed WordPress or WordPressμ (μ=mu=multi-user) and that might actually become part of this project, but I quickly realized it was bigger than that. Don’t get me wrong. I really like WordPress. It started out as a little blog software that grew into a very nice CMS – Content Management System. But I started thinking this project needed something different, something as big as a major news outlet would use, with many sections, each a web-site and a half in itself.

I’m a big fan of Open Source, so I started looking seriously at Joomla. I had dabbled in it a year ago, but didn’t have a project big enough to fully explore it. So wow, now I’m heavy into it. It is NOT like WordPress at all. You have to define things before you can define things before you define things, and the documentation hasn’t really caught up with it. You have Components, Modules, Plugins, and Extensions, that are arranged in a flip-over hierarchy. Sometimes things outrank other things, and sometimes it’s reversed. And Categories & Sections are not the same. And God forbid you should write an article before a Category is defined for it. God forbid you define a Category before a Section is defined for it. God forbid you want to build a Menu before all your Sections and Categories are built. God double-forbid you want to enter content anywhere before your web site is finished!

Well, I am finally getting the hang of it, but Joomla has a pretty ultra basic Registration form, and a pretty basic Contact form, and God hang you for thinking a Registered user is a Contact! So of course, we need to go trolling for expanding Extensions to collect all this data.

Which brings me to what to do with this data??

Ha! Well, I’ve told you previously about SugarCRM. CRM=Customer Relationship Management. You need that for big projects. But I didn’t want to have Joomla collecting Registration/Contact data for me to manually import or type into another database every day! So I went looking for an automated method to collect all the data we needed, and stuff it in a CRM, and I found these people, OpenWebApps, who wax quite elequent about vTiger, an Open Source competitor for SugarCRM, and who very kindly provide another extension for collecting unlimited fields on your contact form, er um, registration form, in Joomla, and importing them into vTiger. Wow, that’s exactly what I need.

So I’ve gone through the process of installing Joomla (configuring it will be an ever ongoing process), and I’ve gone through the process of installing vTiger, both on my client’s preferred hosting service, and every hosting service has its quirks. But I got them both working fine now. And both have nearly empty databases.

NOW the job will be getting them to handshake, and it is at this point that I stop and fix some dinner, because my head is going to explode! But don’t worrry. I’ll rest a bit and come back to it. I love a good challenge!