: Did malware on my Joomla site come from a WordPress install? I was alerted by my web hosting and a scanning service I pay for that my website had malware (php.spam-seo.injector). My main
I was alerted by my web hosting and a scanning service I pay for that my website had malware (php.spam-seo.injector). My main website is a Joomla 3.6.4 (latest) site. All of the plug-ins are up to date. I have changed the passwords and I use a hidden redirect of the administrator side.
While the alerts are doing what they are supposed to, how do I track down where this came from to prevent it from happening again?
As added info there are several "add-on" websites on our hosting account that are WordPress sites. Some of these sites are outdated versions, but they are maintained by someone else. Can the malware be getting back to our main Joomla site through these? I would think they would only have write access to their home directories and not the root directory of our main site.
More posts by @Murray155
1 Comments
Sorted by latest first Latest Oldest Best
Ideally, websites should be hosted on their own shared web hosting account.
When one website is compromised in a shared web hosting account, then the others will also likely become compromised.
Websites sharing the same web hosting account all need to be maintained to keep the websites secure.
Once one website is compromised, you should scan the whole account to find and fix vulnerabilities.
Update Joomla, WordPress and all third party extensions / add-ons to the latest versions on all websites on a regular basis to keep all websites secure.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.