Last week we told you about the critical Joomla update. Joomla released it on Wednesday. Two hacks, combined, would allow a bad guy to create a Joomla user and then elevate it’s privileges to the point that they had complete control of your site.
Sucuri, one of the good guys who track security issues and help fix hacked sites, reverse engineered the fix to see what had been broken. Then they created a way to check if someone had hacked the site. Within 24 hours of the release, they found nearly 30,000 hacked sites.
Hackers in Romania and elsewhere had already automated the hack and Sucuri says that if your site hasn’t been updated, it is most likely already hacked. One sign from the early hack campaign was a new user named “db_cfg.” Of course, now that there are others looking for sites to hack, that may not be the only new user to your site. You may have been hacked more than once!
Ouch.
If you didn’t update your site, give us a call and we’ll help you clean it up.