As I write this, both Joomla 1.5 and 2.5 have reached their EOL (End Of Life) for long time, and are not developed or supported anymore. This is a huge security risk, so the best advice here is to upgrade your Joomla site to the latest version. But what if you don't have the time/funds to do it right now?
Hmm, yeah, this might happen. But there are lot of sites still running on these outdated Joomla cores - and I know some still running even Joomla 1.0! So, it's a real issue. Here is some things you can do, to have still a relative peace of mind!
Upgrade!
Yeah, upgrade every piece of software you have on these sites to latest available versions. Not only the core Joomla, but all used components, modules and plugins.
Doublecheck!
Check the VEL (Vulnerable Extensions List), both the live and archived versions to check if you don't have any of these on your site - and remove them, if you found something fishy.
Protect!
Add a security extension to the site wich works with your Joomla version - there are some still alive - to be at least alerted if someone is doing nasty things on your site.
Patch!
The Joomla core team still releases security patches for Joomla 1.5 and Joomla 2.5 when something extraordinary is discovered - as was the case of discovery of a bug in PHP itself causing the infamous "session deserializing bug" which affected ALL Joomla installs. These security hotfixes are available here. You should bookmark this page, and immediately use the patches there if you have Joomla 1.5 or Joomla 2.5 sites (or anything in between!)
