How secure are the templates and t3 framework?

Change your online store into modern look with myStore eCommerce VirtueMart Joomla template - discussion forum.
GK User
Wed Sep 29, 2010 11:01 pm
Two weeks after I installed your template (myStore) to my site it was attacked by hackers. Today I had to close the site. Working now to resolve the problems. By now I don't know how they came into my site, but it brings up this question.

How secure are the templates and t3 framework?
Is the t3 framework safe?
Are you using the latest version of t3?

Since I'm not sure if it's through the template or t3 framework they came in, I'm not attacking your templates. I'm just looking for answers. I'm very desperate to try to get the hacker out.
Junior Boarder

GK User
Wed Sep 29, 2010 11:27 pm
To be able to determine the entry-point of any attack, more information is required than just purely asking the questions above.

Security is a massive subject, covering a huge number of topics, configurations, environmental factors and most importantly site/server/software administration.

Initial questions to also look into would be:

* Was the site simply defaced? Exploited by a shell?
* Was it a file inclusion exploit? File upload compromise? IFrame injection? DB compromise? Hosting/FTP Account access?
* Is Joomla! at the latest release?
* Was the Joomla! Security Guide followed?
* Are all your extensions up to date (and not listed on the VEL)?
* Is the hosting environment good/secure/well configured?
* Is PHP well configured and secured with something like Suhosin?
* Are there any 'unsafe' permissions on the directories or files?

You do have a known good backup? Don't you?

Exploits and compromises can be effected many months ago and only exercised recently; look for modified files from a while ago. Sites may have been online and available for many, many months, years even, before they get attacked. Just because it only happened two weeks after a change does not mean it necessarily relates directly to the change. The possible fact that the site appears to be an online store makes it more likely to be targeted (if it is a store-based site, did you only recently switch to being a store, rather than maybe a brochure-style site?).

This is not to say that your assumptions are definitely incorrect, and by no means am I defending the template or framework itself (I don't have enough knowledge of either to honestly say it is, or is not, an issue), but I am just saying that there are many more factors to consider before jumping to conclusions that affect a large number of users and can possibly cause unnecessary concern for some.
Fresh Boarder
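
The reply above suggests working from a known good backup, looking for modified files, and checking for unsafe permissions. The following Python script is an added example, not part of any post in this thread; the function names and the two directory arguments (live web root and extracted backup) are assumptions. It compares by content hash rather than by modification time, since timestamps on a compromised host can be reset.

```python
# Added example (not from the thread); function names are illustrative.
import hashlib
import os
import stat


def _sha256(path):
    """Hash a file in chunks so large archives do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _snapshot(root):
    """Map each relative file path under root to its SHA-256."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                files[os.path.relpath(full, root)] = _sha256(full)
    return files


def audit(live_root, backup_root):
    """Diff live web root against a known good backup; flag unsafe modes."""
    live, good = _snapshot(live_root), _snapshot(backup_root)
    added = sorted(set(live) - set(good))  # files that exist only on the live site
    changed = sorted(p for p in live.keys() & good.keys() if live[p] != good[p])
    world_writable = []
    for dirpath, dirs, names in os.walk(live_root):
        for name in dirs + names:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            # Symlinks always report 0777 on Linux, so skip them.
            if not stat.S_ISLNK(mode) and mode & stat.S_IWOTH:
                world_writable.append(os.path.relpath(full, live_root))
    return {"added": added, "changed": changed,
            "world_writable": sorted(world_writable)}


if __name__ == "__main__":
    import sys
    report = audit(sys.argv[1], sys.argv[2])  # live web root, backup copy
    for kind, paths in report.items():
        for path in paths:
            print(f"{kind}\t{path}")
```

Files reported as `added` or `changed` that do not correspond to an update you made yourself are the ones to inspect first.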

GK User
Wed Sep 29, 2010 11:40 pm
These questions are many of the things I am trying to find the answers to.

My FTP is filling up with a lot of files. Fatalisticx, shaun k-script. Many more.

I have the latest release of Joomla. I try to keep all my 3rd party extensions up to date all the time.

I got to know the VEL list yesterday.

My hosting environment is a good and well secured hosting company.

Suhosin. Haven't heard about it before.

Most of the files are at least with the right permission.


I read about a security issue in the Gantry framework. That is one of the reasons why I brought up the question.

My site is a news site. With no store. Only using the template.
Junior Boarder

GK User
Thu Sep 30, 2010 4:43 am
What type of hosting and with who?

This is the problem with using a hosting company on a shared server, or even a dedicated server since they don't usually administer it.


Future of hosting is Cloud Hosting, for many reasons.
Expert Boarder

GK User
Thu Sep 30, 2010 6:19 am
I use OSE (opensource-excellence.com) for all my security. The security suite offers a ton of goodies. Also read... http://magazine.joomla.org/issues/Issue ... ets-hacked <-this, and other security articles by the same author. Once you've been hacked though, you find they can leave a backdoor. It's happened to me, and it can be an aggressive, hard to track down sob.
Expert Boarder