Friday 9 December 2016

Russian Telecom giant repels DDoS attacks on country’s 5 largest financial institutions

Russian telecom giant Rostelecom has thwarted DDoS-attacks on the five largest banks and financial institutions in the country, the company said in a statement.

All the attacks were recorded on December 5, 2016, the longest of them lasting for over two hours, Rostelecom said on Friday.



“The analysis of the attack sources carried out by Rostelecom specialists revealed that the traffic was generated from the home routers of users, which are usually referred to as IoT devices,” Muslim Medzhlumov, director of the Cybersecurity Center for Rostelecom, said in a statement, published on the company’s website.

“A distinctive feature of the attacks was that they were organized with the help of devices that support the CWMP Management Protocol (TR-069). A few weeks ago, a serious vulnerability was revealed in the implementation of this protocol on a number of devices from different manufacturers, which allows attackers [to] organize DDoS-attacks. At the beginning of last week, the largest German operator Deutsche Telekom was subjected to an attack on users’ home devices, as well as the Irish provider Eircom,” he explained.

The Russian Federal Security Service (FSB) reported on December 2 that it had received intelligence of foreign intelligence services preparing large-scale cyber-attacks in Russia in the period starting from December 5, 2016, aimed at destabilizing Russia’s financial system and the activities of a number of major Russian banks.

A RIA Novosti source close to the Central Bank reported that the Bank of Russia recorded several attacks on December 5 on the site of VTB Bank Group.

On Tuesday, Russian President Vladimir Putin signed into effect an updated doctrine on information security. It states that the limitless flow of information has a negative impact on international security, as it can be employed to pursue geopolitical and military goals, thus favoring organized crime, extremists and terrorists.

The doctrine notes that Russian government agencies, scientific centers, and military industries are being targeted by foreign intelligence services by means of electronic and cyber surveillance.

To counter threats and challenges in the information environment, Russia will build “strategic deterrents” and step up efforts to “prevent armed conflicts that stem from the use of IT.”

The doctrine also instructs government agencies to strengthen critical information infrastructure to protect against cyber and computer network attacks.

Thursday 10 November 2016

F-Scrack service weak password detection script




  1. Function: a lightweight weak-password detection script written in Python. It currently supports the following services: FTP, MYSQL, MSSQL, MONGODB, REDIS, TELNET, ELASTICSEARCH, POSTGRESQL.
  2. Features: command-line, single-file, portable, and easy to use in any situation.
    No external libraries or external programs are required; all protocols are tested using sockets and built-in libraries.
    Compatible with OSX, LINUX, WINDOWS, Python 2.6+ (lower versions are untested but should theoretically run).
  3. Parameter description
    python F-Scrack.py -h 192.168.1 [-p 21,80,3306] [-m 50] [-t 10]
    -h Required. Accepts a single IP (192.168.1.1), an IP segment (192.168.1), an IP range (192.168.1.1-192.168.1.254) or an IP list file (ip.ini); a single scan is limited to 65,535 IPs.
    -p Ports to scan, comma-separated, such as 1433,3306,5432. If unspecified, the built-in default ports are scanned (21,23,1433,3306,5432,6379,9200,11211,27017).
    -m Thread count; the default is 100 threads.
    -t Time-out for the request.
    -d Password dictionary.
    -n Skip live-host detection (ICMP) and scan directly.
  4. Usage examples
    python Scrack.py -h 10.111.1
    python Scrack.py -h 192.168.1.1 -d pass.txt
    python Scrack.py -h 10.111.1.1-10.111.2.254 -p 3306,5432 -m 200 -t 6
    python NAScan.py -h ip.ini -n
  5. Special statement: this script is intended only for authorized penetration testing and for checking the security of your own systems.
    It is for learning and study; you are free to improve it, but extracting it into any commercial product is forbidden.

How to install and use : 






Download tool : https://goo.gl/aayb1P

Tuesday 8 November 2016

XSS Scanner

Damn Small XSS Scanner (DSXS) is a fully functional Cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.


As optional settings, it supports an HTTP proxy together with the HTTP header values User-Agent, Referer and Cookie.

How to use 



Download tool : https://goo.gl/0bLt5d

Wednesday 2 November 2016

vBulletin Vulnerability Scanner

OWASP VBScan

OWASP VBScan (short for [VB]ulletin Vulnerability [Scan]ner) is an open-source project written in the Perl programming language that detects vBulletin CMS vulnerabilities and analyses them.

Why OWASP VBScan ?

If you want to do a penetration test on a vBulletin forum, OWASP VBScan is your best shot ever! The project is faster than ever and is updated with the latest vBulletin vulnerabilities.

  • Project Leader : Mohammad Reza Espargham
  • How to use :




Download Tool : https://goo.gl/vHEV9o

Tuesday 1 November 2016

An open source XSS vulnerability scanner.


anti-XSS is an open source XSS scanning tool that comes with a powerful detection engine. It automates the process of detecting and mining XSS scripts and generates the scanning report automatically.


Requirements



How to install   





Download Tool : https://goo.gl/sigm58

Sunday 23 October 2016

Jboss verify and EXploitation Tool


JexBoss is a tool for testing and exploiting vulnerabilities in JBoss Application Server.  


Features 

The tool and exploits were developed and tested for versions 3, 4, 5 and 6 of the JBoss Application Server.

The exploitation vectors are:

  • /admin-console [ NEW ]
    • tested and working in JBoss versions 5 and 6
  • /jmx-console
    • tested and working in JBoss versions 4, 5 and 6
  • /web-console/Invoker
    • tested and working in JBoss version 4
  • /invoker/JMXInvokerServlet
    • tested and working in JBoss versions 4 and 5   

How to use :    





Download Tool : https://goo.gl/ONnBQv

Tuesday 18 October 2016

Social-Engineer Toolkit


DISCLAIMER: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes, period.

Features 

The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec, LLC – an information security consulting firm located in Cleveland, Ohio.    


How to use 






Download Tool : https://goo.gl/NCGByn

Sunday 16 October 2016

SSH Audit Python Tool


ssh-audit is a tool for ssh server auditing.

Features

  • SSH1 and SSH2 protocol server support;
  • grab banner, recognize device or software and operating system, detect compression;
  • gather key-exchange, host-key, encryption and message authentication code algorithms;
  • output algorithm information (available since, removed/disabled, unsafe/weak/legacy, etc);
  • output algorithm recommendations (append or remove based on recognized software version);
  • output security information (related issues, assigned CVE list, etc);
  • analyze SSH version compatibility based on algorithm information;
  • historical information from OpenSSH, Dropbear SSH and libssh;
  • no dependencies, compatible with Python 2.6+, Python 3.x and PyPy;  

How to use  





Download Tool : https://goo.gl/uA5Ojh

Wednesday 12 October 2016

Regional Internet Registrars



ARIN        North America
APNIC       Asia Pacific Region
LACNIC      Southern and Central America and Caribbean
RIPE NCC    Europe, the Middle East and Central Asia
AfriNIC     Africa



Country IP Ranges Tools :

More : http://services.ce3c.be/ciprg/

Saturday 17 September 2016

Network Questions And Answers


1) What is routing?
Routing is the process of finding a path on which data can pass from source to destination. Routing is done by devices called routers, which are network layer devices.
2) What is the purpose of the Data Link layer?
The job of the Data Link layer is to check that messages are sent to the right device. Another function of this layer is framing.
3) What is latency?
Latency is the amount of time delay that measures the point from which a network device receives a data frame to the time it sends it out again towards another network segment.
4) What is subnetting?
Subnetting is the process of creating smaller networks from a big parent network. As part of a network, each subnet is assigned some additional parameters or an identifier to indicate its subnet number.
5) How are internetworks created?
Internetworks are created when networks are connected using routers. Specifically, the network administrator assigns a logical address to every network that connects to the router.
6) What are packets?
Packets are the result of data encapsulation. They are data that have been wrapped under the different protocols of the OSI layers. Packets are also referred to as datagrams.
7) What are segments?
Segments are sections of a data stream that come from the upper OSI layers and are ready for transmission towards the network. Segments are the logical units at the Transport Layer.

8) What is the size of an IP address?
The size of an IP address is 32 bits for IPv4 and 128 bits for IPv6.

9) What is DHCP?
DHCP stands for Dynamic Host Configuration Protocol. DHCP assigns an IP address automatically to a given workstation client. You can also assign static IPs to machines like printers, servers, routers and scanners.
10) What is the difference between dynamic IP and static IP addressing?
Dynamic IP addresses are provided by a DHCP server, and static IP addresses are assigned manually.

11) What are the ranges for private IPs?
The ranges for private IPs are
  • Class A: 10.0.0.0 – 10.0.0.255
  • Class B: 172.16.0.0 – 172.31.0.0
  • Class C: 192.168.0.0 – 192.168.0.255
12) What is the difference between TCP and UDP?
TCP and UDP are both protocols for sending files across a computer network.

TCP (Transmission Control Protocol)
  • TCP is a connection-oriented protocol. If the connection is lost while transferring files, the server requests the lost part. There is no corruption while transferring a message.
  • The message is delivered in the order it is sent.
  • Data in TCP is read as a stream, where one packet ends and another begins.
  • Examples of TCP include the World Wide Web, File Transfer Protocol and e-mail.

UDP (User Datagram Protocol)
  • UDP is a connectionless protocol. When you send data, there is no guarantee that your message will arrive without any loss.
  • The messages you send may not arrive in the same order.
  • Packets are transmitted individually and are guaranteed to be whole if they arrive.
  • Examples of UDP are VoIP (Voice over Internet Protocol) and TFTP (Trivial File Transfer Protocol).

13) What is communication and how does it differ from transmission?
Communication means the exchange of data between source and destination, whereas transmission refers only to the transfer of data from source to receiver.
14) What is the point-to-point transmission protocol?
It is an industry standard in which the exchange of multiport datagrams is done using a protocol that provides a point-to-point link.

15) What is the difference between public IP and private IP?
A public IP should be a unique address that is assigned to a company. A private address can be used by anyone on a private network because it is not recognized by the internet.

Sunday 11 September 2016

DDos && DOS Script Tools


How To Use DDOS Tool 



DOS Tool  

GoldenEye is a Python app for SECURITY TESTING PURPOSES ONLY!
GoldenEye is a HTTP DoS Test Tool.
Attack Vector exploited: HTTP Keep Alive + NoCache

How To Use Dos Tool  



Download Tool : http://goo.gl/u4eIAR 

Download Tool : http://goo.gl/LLnKHv

Thursday 8 September 2016

Findsploit


ABOUT

Findsploit is a simple bash script to quickly and easily search both local and online exploit databases. This repository also includes "copysploit" to copy any exploit-db exploit to the current directory and "compilesploit" to automatically compile and run any C exploit (e.g., ./copysploit 1337.c && ./compilesploit 1337.c).
For updates to this script, use git clone https://github.com/1N3/Findsploit.git

INSTALLATION

./install.sh

How To use 



Download Tool : http://goo.gl/oLWyQM

Wednesday 7 September 2016

Two functions to attack Web Application Firewalls.


WAFNinja is a CLI tool written in Python. It shall help penetration testers to bypass a WAF by automating steps necessary for bypassing input validation. The tool was created with the objective to be easily extendible, simple to use and usable in a team environment. Many payloads and fuzzing strings, which are stored in a local database file come shipped with the tool. WAFNinja supports HTTP connections, GET and POST requests and the use of Cookies in order to access pages restricted to authenticated users. Also, an intercepting proxy can be set up. 

How to use :  

wafninja.py [-h] [-v] {fuzz,bypass,insert-fuzz,insert-bypass,set-db} ... 


Example usage:

fuzz: python wafninja.py fuzz -u "http://www.target.com/index.php?id=FUZZ" -c "phpsessid=value" -t xss -o output.html

bypass: python wafninja.py bypass -u "http://www.target.com/index.php" -p "Name=PAYLOAD&Submit=Submit" -c "phpsessid=value" -t xss -o output.html

insert-fuzz: python wafninja.py insert-fuzz -i select -e select -t sql

positional arguments: {fuzz,bypass,insert-fuzz,insert-bypass,set-db} Which function do you want to use?   

Demo :  



fuzz                check which symbols and keywords are allowed by the WAF.
bypass              sends payloads from the database to the target.
insert-fuzz         add a fuzzing string
insert-bypass       add a payload to the bypass list
set-db              use another database file. Useful to share the same database with others. 



optional arguments:
-h, --help          show this help message and exit
-v, --version       show program's version number and exit

Author : khalilbijjou 
Download Tool :http://goo.gl/DrZv3T

Friday 15 April 2016

Who is responsible for your cloud application breach?

Cloud application security has been a big concern lately because of several data breaches in cloud services, such as the iCloud hack, Target, Home Depot and the United States Internal Revenue system. This raises the question of where responsibility for application security lies.
Is it with the vendor, or with the company or person using the services? The answer is both: the vendor of the cloud application service covers only server-side security, while the client side still needs security of its own, which people and companies mostly overlook.
Client-side application security is of utmost importance, because server-side security alone is not enough to protect the application from security breaches.
The security threats that pose a great danger to cloud application security are as follows:

  • Data breaches
  • Account Hijacking
  • Compromised credentials
  • Permanent Data loss
  • Shared Technologies
  • Cloud service abuse
  • Hacked Interface and API

 

Data Breaches

This is one of the biggest threats to cloud services because of the vast amount of data stored on cloud servers. The sensitivity of the data is easy to imagine, as the cloud stores the financial and personal details of millions of people. If this vast amount of data is breached, it will cause the downfall of the company and also threaten the lives of the people exposed by the breach.

 

Account Hijacking

This attack has been around for quite a long time; it includes fraud, phishing, software exploits and so on. Using these kinds of attacks, cloud services can be compromised, which can lead to launching other attacks, changing account settings, manipulating transactions, and uploading malware and illegal content.

 

Compromised Credentials

Credentials are generally compromised because of weak passwords, casual authentication, or poor key or certificate management. Identity and access management also becomes a problem, as user access is sometimes not changed when the job role and responsibilities change or when the user leaves the organization.
Embedding credentials and cryptographic keys in source code and leaving them in online repositories such as GitHub also creates a big vulnerability that can be exploited easily. Aligning identity with the cloud provider requires an understanding of the security measures taken into account.

 

Permanent Data Loss

Malicious hackers have in the past gained access to cloud services and permanently deleted data, affecting the business. Cloud data centers are also vulnerable to natural disasters, which can wipe away the data stored in the cloud.
If the user encrypts data before uploading it to the cloud and then loses the key, the data is lost. Client-side protection of data should therefore be well managed. Permanent data loss can lead to financial crisis and disruption of the working system.

 

Shared Technologies

Because cloud service providers share infrastructure, platforms and applications from different sources, any reconfiguration or vulnerability in these layers affects the users and, depending on the potential of the vulnerability, can also lead to compromise of the users' systems as well as the cloud.
Security at the cloud server side alone is therefore not the only issue; security has to be maintained broadly, across all aspects of the cloud environment. The client side also needs to be secured, as attacks are also possible from the client side when security measures are weak or absent.

 

Cloud Service Abuse

Cloud applications are breached to gain a commanding position in the cloud, from which the resources can be used for malicious purposes such as launching DDoS attacks, sending bulk spam and phishing emails, breaking an encryption key or hosting malicious content.
This abuse may lead to unavailability of the services or to loss of the users' data stored in the cloud, so it is very necessary to secure applications against abuse.

 

Hacked Interface and API

To build an application, developers now use ready-made interfaces and APIs to simplify their work, but these APIs and interfaces tend to be the most exposed part of the system, as they are freely available on the internet.
Almost every cloud service and application now offers an API, and IT teams use these interfaces to interact with cloud services for management, provisioning, monitoring and so on. The level of threat to cloud services thus increases manifold. This requires rigorous code reviews and penetration testing to secure the application and services.

 

Conclusion

As we have seen, there are many ways in which your data stored in the cloud can be breached, because of the importance of that data. Your data therefore cannot be secured by the cloud service provider alone; considerable work is required on the client side to protect the application and data from outside security threats. Security audits should therefore be done in order to secure your precious data from threats.

Please do not hesitate to contact us for your budget security test contact@briskinfosec.com.





Wednesday 13 April 2016

Why Hackers Can Target your Website?

Today, website hacking is not limited to any one aspect or motive; websites are now hacked on a daily basis for different purposes.
Defacement is what is generally considered website hacking, but there is a lot more to it. We have classified the most common reasons for website hacking, which are as follows:
  • Lack of Awareness
  • Economic Gains
  • System resources
  • Revenge Hacking or Competition
  • Showing off skills
  • Script Kiddies

Lack of Awareness

This is one of the major causes of poor website security. People work with outdated technologies and software and do not apply vendor patches. They have no security measures installed to protect their websites against attacks. This happens because of overconfidence or a lack of knowledge about security.
New attack methods and vulnerabilities are revealed every day; they may or may not concern you, but they may harm the website in some respect, so proper security and care of the website is very important. Once users lose confidence because of a website failure, they will move to alternatives, which is a loss to the company. Proper security measures are very important to avoid this.

Economic Gains

As the name suggests, this type of hacking is for monetary benefit. Attacks of this kind are known as drive-by downloads and blackhat SEO campaigns. A drive-by download means injecting malicious code into the website and then affecting all of its users by downloading malicious files to their systems, while blackhat SEO refers to redirecting users to different websites that they did not intend to visit. This creates a sense of dismay among users, giving a bad impression of the website and ultimately affecting the number of visits.
Example: Downloading malware onto a user's system and capturing all credentials, such as the usernames and passwords of all the websites visited, including financial details.

System Resources

This is also a major cause of website hacking: hackers use resources such as bandwidth and physical server resources for their illegal purposes. They compromise the website using bots and malicious scripts, which give them access to the server so that they can use its resources as an administrator.
The bots can be used in different kinds of distributed web attacks, such as DoS attacks, brute-force attacks or other automated attacks against other websites. Because of these illegal activities originating from your website, your host may shut you down, causing a lot of trouble for you and your users.
Example: Hacking to store illegal pirated software copies and pornographic content, and taking part in DoS and DDoS attacks.

Revenge Hacking or Competition

Because of the high competition in providing services today, there is a greater probability of your website being hacked for the benefit of other websites.
The losses others suffer because of your good services may also come back as a revenge threat. Some groups of people may want to bring down your website to give it a bad name and create distrust among users.
Example: Companies A and B are in the same business; A gets hacked, so A's customers go to B for services, eliminating A as a competitor.

Show Off

Several hackers hack websites just for fun and to show off their skills to the hacker community, to gain name and fame. This kind of hacking is done without any purpose; it simply exploits the security vulnerabilities present in your website. Many hackers of this kind continuously look for vulnerable websites and hack them, affecting the website and its services for quite some time.
Example: Posting links to and screenshots of the defaced website in the public domain under a code name and claiming to have hacked it.

Script Kiddies

Script kiddies are people who do not have working knowledge of computers and networks; they try to hack a website using scripts written by other hackers, without understanding the process of hacking.
Script kiddies do this to make themselves famous among their peers, to gain recognition as a hacker or to attract someone's attention. There is no other motive, and any website with a vulnerability can be exploited by script kiddies, which will hinder the website's services and upset its users.

Conclusion

Because your website is your presence online, it is important to secure it. It also gives you some revenue from advertisements, if it carries any. People are less aware of website security threats than of web application threats, which makes them easy bait for hackers looking to bring down their website.
People will lose trust in your services if your website is hacked, so proper security methods are required to secure your website from threats; these can be implemented after a security audit by a professional or a security company.
We are offering such website security services at a very decent price of $99; if you need any kind of security services, do contact us at contact@briskinfosec.com

Thursday 7 April 2016

Security Test Checklist for Joomla 3

Any website can be hacked. There is no set of security steps that you can take to keep your site 100% safe from hacking. Hackers may be malicious and actually steal information from your site. Other hackers may be pranksters that simply want to bring down your site and replace it with obnoxious graphics. Your site could be hacked and you don't even know it, the hackers are just monitoring the site to see if any goodies show up.
There are steps that you can take that increase the security of your site and make it safer. 

Basic security steps:

Only install official versions of Joomla.

Joomla installations are often included with third party templates. They offer a one step install where you install Joomla and their template is already set up as the default with all its custom appearance, functionality, components and plugins. Be very wary of these offers. Be sure that these are popular and highly regarded templates. If they don't offer the option of installing the template separately from the Joomla installation, steer clear. It could be that the Joomla version has core files that have been changed, causing conflicts with other extensions and upgrades. It could be that the plugins they have installed have vulnerabilities.

Never use 'admin' as a login name, never

Do not use admin or other obvious login names for logging into your Joomla site. If you have multiple contributors, do not use some standard way of creating login names, such as last name-first initial. It makes it too easy to figure out for others. You may think that the password will be enough, but having an obvious login name is a foot in the door.

Use well formed and unique passwords

Passwords should never be regular words. They should be a long combination of upper and lower case letters, numbers and a special character or two or three. The more characters in your password, the better.

Change your password from time to time

It is a good idea to change your login password on a regular basis.

Never give your password to others to get into the site

Even if you trust someone completely, it is better to create a user account that you can delete later. 

Backup, backup, backup

Backup your site's files and database regularly. Backup again before making major changes or installing any extension or template. Backup before running upgrades.

Keep your Joomla site up to date

Upgrading can be a bothersome task, but it is still better to take the steps to upgrade if a new version comes out. Newer versions will have fixed known security issues.

Check your Users list in User Manager

See if there are any registered users that should not be there. If there are, it may mean that your site has already been hacked.

Remove the login module if you don't use it

If you don't need people to login into the front end, remove or unpublish the login module. You can still login to the front end of your site by adding
index.php?option=com_users&view=login
to the end of your url if you need to.
The login form creates an open invitation to hackers. Keep in mind, a Joomla hacker will know how to get to the login form even without a login form displayed in a module or page. Removing the login form will only keep out the novice hacker.

Turn off user registration, if you don't need it

If you don't have a forum, allow comments or have some other reason for users to register, turn off Allow User Registration in the Global Configuration for Users Manager. If you do leave it on, never allow users to be any level higher than Registered unless you take manual steps to allow them more permissions.

Installing Extensions

Backup your site before installing extensions

Backup your entire site, folders and database, before installing any extension or running any upgrade.
Learn how to restore the backed up files and database in the case that your site is hacked.

Only use popular and highly rated extensions

Check extensions.joomla.org for the rating on any extension. Popular extensions will likely keep up with Joomla upgrades. Even good and popular extensions can introduce security loopholes. If an extension is not listed at extensions.joomla.org, it probably should not be installed.

Review the Joomla Vulnerable Extension list

You can see a list of extensions that have known issues at vel.joomla.org. Some extension providers will have fixed the problems and have a newer version, so watch what version is on the Vulnerability list.

Only use Open Source extensions

Extensions, whether components or plugins, can come open-source or encrypted. If they are open-source, the code is all visible as PHP, JavaScript or other readable script. If it is encoded, there is an added possibility that it has hidden security risks.

Install Security Extensions

Go to extensions.joomla.org and research Joomla extensions that increase site security, if added security is important for your site. Some of these extensions will have lockouts for someone entering a wrong password too many times, so be sure YOU don't try too many passwords.

Minimize the number of extensions you have installed

The more extensions you have installed, the more places for hackers to break into your site. You should also minimize the number of extensions for site speed and ease of upgrading.

Your Hosting Environment, Folders, Files and Database

Consider using an SSL server 

Sites that have an SSL certificate have https:// for the protocol. This protocol uses encryption to send data over the web. It is not 100% safe, but it is much safer than not having this functionality. This protocol does not protect your site itself from hackers, it simply encrypts the data being uploaded and downloaded. You should purchase an SSL certificate if you:
  • Deal with any personal information about your registered users, even something like email addresses or phone numbers
  • Handle money transactions on your site
  • Have forms that ask for personal information, such as event registration, forum registration, etc.

Use dedicated servers if possible

Most discount web hosting use shared hosting to keep the costs down. If you have a site with information that should not be public, consider the added costs of dedicated hosting. This way, your Joomla site is on its own server. As an added benefit, dedicated servers are also much faster than shared servers as far as downloading large web sites.

Protect your hosted folders and files

Watch the permission settings on your folders and files. Hackers can tell you have a Joomla site by simply looking at the source code and will know which files have security vulnerabilities. Folders should have permission level of 755 and files 644. Unfortunately if you assign even higher security permission levels, you can break your site as Joomla needs to access certain files and folders to work properly.

If you create new folders, add an index.html placeholder file

If you create folders in your Joomla installation via FTP or through your hosting control panel, you should include a placeholder index.html file in the folder along with the other files. This keeps hackers from being able to list the content of the folder in a browser window.

Keep your site's folders and files tidy

Remove any unused files or folders. Be sure to remove the installation folder after installing Joomla, don't just rename it.
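
The three file-system checks above (755/644 permissions, index.html placeholders, and removal of the installation folder) can be run as one audit. The script below is an added example, not part of the original checklist or of Joomla; the function names, the "install" folder-name heuristic and the demo tree are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a Joomla document root against three checklist items:
# 755/644 permissions, index.html placeholders, leftover installer folder.
# Function names and the demo tree are hypothetical (constructed for the demo).

# Directories whose mode is not exactly 755.
list_bad_dirs() { find "$1" -type d ! -perm 755 -print; }

# Regular files whose mode is not exactly 644.
list_bad_files() { find "$1" -type f ! -perm 644 -print; }

# Anything writable by "other": the most urgent subset of the two lists above.
list_world_writable() { find "$1" \( -type d -o -type f \) -perm -002 -print; }

# Sub-directories with no index.html placeholder, so their content may be
# listed in a browser when the web server allows directory listing.
list_dirs_without_index() {
    find "$1" -mindepth 1 -type d \
        -exec sh -c '[ -e "$1/index.html" ] || printf "%s\n" "$1"' _ {} \;
}

# Top-level folders with "install" in the name. This is a heuristic (an
# assumption of this example) that also catches an installer that was
# renamed rather than removed, e.g. installation_old.
list_installer_leftovers() {
    local d
    for d in "$1"/*; do
        [ -d "$d" ] || continue
        case "${d##*/}" in
            *[Ii][Nn][Ss][Tt][Aa][Ll][Ll]*) printf '%s\n' "$d" ;;
        esac
    done
    return 0
}

# Print one labelled line per finding; return 0 when clean, 1 otherwise.
audit_joomla_root() {
    local root=$1 out
    out=$(
        list_bad_dirs "$root"            | sed 's/^/DIR-PERM        /'
        list_bad_files "$root"           | sed 's/^/FILE-PERM       /'
        list_world_writable "$root"      | sed 's/^/WORLD-WRITABLE  /'
        list_dirs_without_index "$root"  | sed 's/^/NO-INDEX        /'
        list_installer_leftovers "$root" | sed 's/^/INSTALLER       /'
    )
    [ -n "$out" ] || return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample tree with deliberate problems; prints its path.
make_demo_tree() {
    local t
    t=$(mktemp -d) || return 1
    mkdir "$t/images" "$t/uploads" "$t/installation_old"
    : > "$t/index.php"
    : > "$t/configuration.php"
    : > "$t/images/index.html"
    : > "$t/installation_old/index.html"
    chmod 755 "$t" "$t/images" "$t/installation_old"
    chmod 644 "$t/index.php" "$t/images/index.html" "$t/installation_old/index.html"
    chmod 666 "$t/configuration.php"   # world-writable file, on purpose
    chmod 777 "$t/uploads"             # world-writable folder, no index.html
    printf '%s\n' "$t"
}

# Audit the document root given as $1, or the constructed demo tree if none.
if [ "$#" -gt 0 ]; then
    audit_joomla_root "$1"
else
    demo=$(make_demo_tree) && { audit_joomla_root "$demo" || true; rm -rf "$demo"; }
fi
```

Files deliberately set stricter than 644 are also reported as FILE-PERM, since the check is for the exact modes the checklist names.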

Use separate login and password for hosting login, database login and Joomla login

Do not use the same login and password for your Joomla site as for your hosting account and/or database. This is like having the same set of keys for every item you own. If the thief has one set of keys, he can steal everything.

.htaccess security steps

You can add lines to your .htaccess file that will keep the casual hacker from accessing specific folders.

My Joomla site has already been hacked, what do I do?

Refer to this Joomla.org article:
https://docs.joomla.org/Security_Checklist/You_have_been_hacked_or_defaced