Viperfish Media is the home of freelance Joomla designer and Joomla developer, John Pitchers. Based in Perth, Western Australia, John specialises in all aspects of Joomla website development.

It happened again today, I was contacted by a Joomla user who's site had been hacked...

Being hacked is no slur on Joomla. It remains one of the most secure and stable CMS's available. But, in order for it to be secure it needs to be installed and configured properly and certain precautions need to be taken. Namely, keeping your site and 3rd party components up to date.

In this case the hacker gained access to the server and overwrote only one file. It was enough to display a bright red screen toting a Turkish flag and preventing any access to the site or backend.

However, it could have been a lot worse. The hacker could have completely wiped the servers or corrupted the database. He (or she) could have installed malicious scripts or a multitude of other things. What he did is highlight a security flaw, a chink in the armour which was quickly repaired and measures are now in place to stop this from happening again.

And, it seems this hacker has been busy as this Google search will show you there are many sites currently affected by this persons handy work. http://www.google.com/search?hl=en&q=cukurOva%27li&btnG=Google+Search  

It goes to show that it doesn't matter who you are or what type of site you have, anyone's site can get attacked. 

The motto of this story - BACK UP, BACK UP, BACK UP!!

More information about Joomla security can be found at the following links.
Joomla Security Forum
Joomla Administrators Security Checklist