Millions of Joomla websites at risk due to bug

Uh oh, this isn’t good.

It seems that for over two years there has been a SQL-injection vulnerability in the Joomla Platform (which is used in millions of websites) that allows attackers to take over affected websites remotely.

SQL-injection vulnerabilities allow end users to execute powerful commands on a website’s backend database by entering “special” text in search boxes or other input fields found on a website. The flaws, which are among the most commonly exploited website vulnerabilities, are the result of an insecure Web application failing to enforce the treatment of incoming data as plain text rather than executable code. Often, this makes it possible for hackers to download confidential files from the vulnerable server.
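The difference between input treated as executable code and input treated as plain text, shown as an added example that is not part of the original post and is not Joomla's code. It uses Python with an in-memory SQLite database; the `articles` table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory database standing in for a website backend."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER);
        INSERT INTO articles (title, published) VALUES
            ('Welcome to our site', 1),
            ('Spring opening hours', 1),
            ('DRAFT: staff salary review', 0);
    """)
    return db

def search_unsafe(db, term):
    # Vulnerable form: the search text is pasted into the SQL string, so a
    # quote in the input closes the string literal and the remainder of the
    # input is parsed as part of the statement.
    sql = ("SELECT title FROM articles WHERE published = 1 "
           "AND title LIKE '%" + term + "%'")
    return [row[0] for row in db.execute(sql)]

def search_safe(db, term):
    # Hardened form: the statement text is fixed and the search text is
    # bound as a parameter, so the database only ever sees it as data.
    sql = ("SELECT title FROM articles WHERE published = 1 "
           "AND title LIKE '%' || ? || '%'")
    return [row[0] for row in db.execute(sql, (term,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR 1=1 --"   # constructed "special" search-box text
    print("normal, unsafe :", search_unsafe(db, "hours"))
    print("normal, safe   :", search_safe(db, "hours"))
    # The unsafe query now also returns the unpublished draft row.
    print("crafted, unsafe:", search_unsafe(db, crafted))
    # The safe query looks for that literal text and finds nothing.
    print("crafted, safe  :", search_safe(db, crafted))
```

With ordinary search text both functions behave identically; only the concatenated query changes meaning when the input contains a quote.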

Joomla have now patched the platform, but if website owners do not install the update, they are still vulnerable.

It’s a good thing all of our websites are using the WordPress platform 🙂

You can read more about this issue at Joomla Bug.

News from Google – They will help with reinstating Search Rankings after a Hack Attack

You may not be aware, but if your website gets hacked, it will affect your search rankings.

This is obvious when you think about it. Google’s main aim is to serve up the best results for the searcher’s query, and obviously, a hacked website is not the best result!!

Google has announced that they will endeavour to assist Webmasters with reinstating their Search Rankings after a hack attack through their revamped Reconsideration Request Process.

In a recent Google Blog Post, they say they have recorded a 180% increase in the number of websites that have been hacked this year, and there has been a 300% increase in the number of Reconsideration Requests they have received.

Google have realised the difficulties inherent in their previous Reconsideration Request process, and have made a few changes that they say will assist Webmasters in getting their websites back up and running and restoring their previous Search Positions.

Specifically, these three changes:

  1. Better communication
  2. Improved tools
  3. A continuous feedback loop

Google have also said that the stepped-up help for victims of hacking is part of a wider support initiative designed to protect websites from being hacked in the first place.

Better Communication will be in the form of advice specifically tailored to your personal circumstances when responding to a Reconsideration Request. Google will also make more advice available to webmasters to help improve website security and quickly tackle hacking issues if the website is compromised.

Improved Tools will be in the form of better access to resources required to recover from a hack attack. These include the auto removal of hacked manual actions (still in beta testing). This manual action removal will take place when search engine spiders detect that hacked content has already been removed – however, the webmaster will still need to submit a reconsideration request.

A hacked website troubleshooter is also available, and will guide webmasters through the steps required to recover from the attack. The “Fetch as Google” tool can also be used to show exactly how Google sees the site. This will make it easier for the Webmaster to detect hacked content, including injected content.

Feedback from website owners that have been hacked and who are going through the Reconsideration Request process will continue to mould Google’s practices.