0

Today I found that many of the Joomla websites on my server have been hacked.

  • Some of the hacked Joomla sites had been updated to the latest version (the last version of the 2.5 series).
  • In many cases, the main index.php was hacked (not the index.php of their templates).
  • Not ALL the Joomla sites were hacked.
  • The hosting control panel is DirectAdmin.
  • CentOS's root password, DirectAdmin's admin password and the main reseller's password are strong enough.
  • For each Joomla site, all users' passwords were changed.
  • For one of the sites, the whole images folder was completely deleted.

The hacker might have left some backdoors for himself.

This had happened previously, but it hadn't occurred for a very long time (more than about a year).

What should I do to make my server strong enough? Is that very common?

I think that it's now a problem with the server, not a problem with each Joomla site.

smhnaji
  • Please consider that a very important point is `Joomla`. It looks like a duplicate question in some respects, but it is not an `EXACT DUPLICATE` because of its specifics. – smhnaji Mar 30 '13 at 10:38
  • 2
    It's impossible to provide an answer for every single hack on Sf, so there's a "catch-all" question with good tips. – tombull89 Mar 30 '13 at 12:12

1 Answer

-1

Here are some tips for your solution.

Security tips:

  • Change the SSH port from 22 to another port.
  • In the DA control panel, log in as Admin Level -> Administrator Settings -> Blacklist IPs for excessive DA login attempts, and set it to less than 10.
  • Change your MySQL administration password and limit other users.
  • Do not use the same password for SSH, DA, etc.
  • An antivirus is a good choice to block hackers.
  • If you have iptables on your CentOS, be sure that your configuration is strong.
  • Shared hosting has lots of defects, and you have to monitor and check processes sometimes.

Although maybe this is a Joomla security problem!

absfrm
  • 2
    -1. The first step would be nuking the server from orbit, with network off, and then rebuilding from backups (and patching recent vulnerabilities like [CVE-2013-1455](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1455)). Only after that can you apply hardening tips. – Deer Hunter Mar 30 '13 at 17:16
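
A triage sketch for the situation in the question (main index.php altered on some sites, an images folder deleted, possible backdoors), added here as an example and not code from any poster: it compares each site's index.php against hashes you take from clean Joomla packages and flags heuristic signs of injected PHP. The one-directory-per-site layout, the `triage` and `demo` names and the regex markers are assumptions, and the sample tree is constructed.

```python
import hashlib, re, tempfile
from pathlib import Path

# Heuristic markers often seen in injected PHP (assumption); a hit means "review", not proof.
SUSPICIOUS = re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def triage(sites_root, known_good):
    """Return {site: [findings]} for every site directory under sites_root.

    known_good: set of SHA-256 digests of index.php taken from clean Joomla
    packages of the versions in use (assumption: you build this set yourself).
    """
    report = {}
    for site in sorted(p for p in Path(sites_root).iterdir() if p.is_dir()):
        findings = []
        index = site / "index.php"
        if not index.is_file():
            findings.append("index.php missing")
        elif sha256(index) not in known_good:
            findings.append("index.php differs from clean baseline")
        for php in sorted(p for p in site.rglob("*.php") if p.is_file()):
            rel = php.relative_to(site).as_posix()
            if rel.startswith("images/"):  # upload directory should hold no PHP
                findings.append(f"PHP file in upload directory: {rel}")
            if SUSPICIOUS.search(php.read_bytes()):
                findings.append(f"obfuscated eval in {rel}")
        if not (site / "images").is_dir():
            findings.append("images folder missing")
        report[site.name] = findings
    return report

def demo():
    """Constructed sample tree: one clean site, one tampered site."""
    clean = b"<?php define('_JEXEC', 1); // constructed stand-in for index.php\n"
    root = Path(tempfile.mkdtemp())
    for name in ("site-a", "site-b"):
        (root / name / "images").mkdir(parents=True)
        (root / name / "index.php").write_bytes(clean)
    tampered = clean + b"<?php eval(base64_decode('AA==')); ?>"  # inert marker
    (root / "site-b" / "index.php").write_bytes(tampered)
    (root / "site-b" / "images" / "x.php").write_bytes(b"<?php // constructed\n")
    return triage(root, {hashlib.sha256(clean).hexdigest()})

if __name__ == "__main__":
    for site, findings in demo().items():
        print(site, findings or "no findings")
```

Findings only scope the damage ahead of the rebuild; an empty list does not show that a site is clean.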