#30743 – firewall not working

Posted in ‘Akeeba Admin Tools for Joomla!’
Sunday, 06 January 2019 17:16 CST
Hi there,

My website host suspended my account saying a cryptominer hacked it. Someone advised me to buy your admin tools & so I installed it & still the problem existed.

I then had to buy your backup pro to install an old version of my site.

Now my host has found it is hacked once again. Can you advise if I've installed the firewall info correctly?

I have this error when I was able to login:

We have detected that your server is using PHP 5.6.39 which is obsolete and no longer receives official security updates by its developers. The Joomla! Project recommends upgrading your site to PHP 7.1 or later which will receive security updates at least until 2019-12-01. Please ask your host to make PHP 7.1 or a later version the default version for your site. If your host is already PHP 7.1 ready please enable PHP 7.1 on your site's root and 'administrator' directories – typically you can do this yourself through a tool in your hosting control panel, but it's best to ask your host if you are unsure.

So would this be the cause of my problems? Having your firewall but not an updated PHP version?
Custom Fields
Joomla! version (in x.y.z format): 3.8.6
PHP version (in x.y.z format): 5.6.39
Admin Tools version (x.y.z format): latest
Monday, 07 January 2019 02:25 CST
If your site has a cryptominer on it, it's already hacked. Admin Tools is a tool for preventing your site from getting hacked again, not for unhacking your site. Also, you don't need to use Akeeba Backup Professional to restore a site. Restoration of a backup is perfectly possible with the free version of our software, both with the integrated restoration feature and of course with Kickstart.

I suspect that your site had been infected a long time ago and the attacker only chose to activate the cryptominer recently. In this case you need to fully unhack your site before putting it online again. I recommend using the services of myjoomla.com for that; they have a flat fee for unhacking sites and doing a security checkup of your site.

Once the site is unhacked, installing and configuring Admin Tools is the first step. Next up you should make sure that all your extensions are up-to-date. The same goes for Joomla! itself; the version you are using has a few known, low priority security issues. While Admin Tools protects you against them, it's still a great idea to use the latest version of Joomla.

Moreover, enable the .htaccess Maker feature with the Frontend and Backend protection features enabled. If an aspect of your site breaks, you have an extension which tries to use an arbitrary .php file accessible over the web. This is the most likely source of the hack; these files don't go through Joomla! and Admin Tools, they are not protected and are very likely to contain insecure code (because developers who know how to write secure code know why and how to NOT use directly accessible .php files in versions of Joomla! released in the last five years). If there's an update for that extension, update it. If you get hacked again, take it up with its developer and / or try to find an alternative extension.

Regarding the PHP version notice, PHP 5.6 has stopped receiving security updates in December 2018. It is no longer safe for use on live sites. Please ask your host about upgrading your site to a supported PHP 7 version. Right now I recommend using PHP 7.2 and 7.3.

Nicholas K. Dionysopoulos

Lead Developer and Director

Greek: native

English: excellent

French: basic

Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
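The reply above singles out .php files that are served directly over the web, bypassing Joomla! and Admin Tools. The following is an added example, not part of the ticket and not Akeeba's code, showing one way to find such files from an Apache access log before enabling the .htaccess Maker protections. The log lines, the `com_example` paths and the two-entry allowlist are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: the only PHP entry points meant to be requested directly.
ALLOWED = {"/index.php", "/administrator/index.php"}

# Request line and status code of an Apache common/combined log entry.
LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
203.0.113.5 - - [06/Jan/2019:10:00:01 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [06/Jan/2019:10:00:02 +0000] "GET /administrator/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [06/Jan/2019:10:01:10 +0000] "POST /components/com_example/helper.php HTTP/1.1" 200 312 "-" "curl/7.58"
198.51.100.7 - - [06/Jan/2019:10:01:12 +0000] "POST /components/com_example/helper.php HTTP/1.1" 200 298 "-" "curl/7.58"
198.51.100.9 - - [06/Jan/2019:10:02:00 +0000] "GET /images/banner.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.5 - - [06/Jan/2019:10:03:00 +0000] "GET /media/system/js/core.js HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""


def direct_php_hits(log_text, allowed=ALLOWED):
    """Count successful (2xx) requests to .php files outside the allowlist."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # malformed or non-request line
        # Drop the query string so /index.php?option=... matches the allowlist.
        path = urlsplit(m.group("target")).path
        served = m.group("status").startswith("2")
        if path.lower().endswith(".php") and path not in allowed and served:
            hits[path] += 1
    return hits


if __name__ == "__main__":
    # Each listed file answers requests without passing through Joomla!.
    for path, count in direct_php_hits(SAMPLE_LOG).most_common():
        print(f"{count:5d}  {path}")
```

Every path it reports is a file to check against the extension that owns it; a path no installed extension ships is a candidate for inspection during cleanup.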

Wednesday, 06 February 2019 17:17 CST
This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.