Hello,

A friend's server has been broken into on two separate occasions. I suspect that the first time they got in through Joomla. And I know for sure that they got in through Joomla the second time.

What can we do to secure this installation so these script kiddies can't get in and deface my sites?

I've heard one solution is to block all OUTGOING on PORT 80 using iptables. However this presents me with a problem: The joomla sites have RSS feeds, and RSS won't work if OUTGOING PORT 80 is blocked. Is there a way around this?

ANY Help and other tips on security highly appreciated

Joomla is database driven, and any database driven app is vulnerable if all inputs are not checked for validity before being acted on. This means that any page you add to Joomla which includes any kind of user input will make Joomla and your entire site vulnerable via SQL injection attacks unless you act positively to prevent this.

Most likely this is what happened to you. There is a sticky on this forum about PHP vulnerabilities and how to secure PHP; read that thread, take it to heart, and make sure it is fully incorporated into your Joomla site. This will prevent cracking.

I strongly urge you to read the Joomla! Administrator's Security Checklist. As a newbie I can't post the URL, so you will need to use your favourite search engine to find it.

Regards,
Chris.

In my experience, most Joomla vulnerabilities are either mis-configured PHP settings or vulnerabilities in third party add ons. Make sure you've locked down PHP and check that any add-ons are up to date.