Provalo così.
##
# @version $Id: htaccess.txt 9975 2008-01-30 17:02:11Z ircmaxell $
# @package Joomla
# @copyright Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##
#####################################################
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
#
#####################################################
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
#
# mod_rewrite in use
RewriteEngine On
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root)
RewriteBase /portal
########## Begin - Joomla! core SEF Section
############# Use this section if using ONLY Joomla! core SEF
## ALL (RewriteCond) lines in this section are only required if you actually
## have directories named 'content' or 'component' on your server
## If you do not have directories with these names, comment them out.
#
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] ##optional - see notes##
#RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$ [NC]
#RewriteRule ^(content/|component/) index.php
#
########## End - Joomla! core SEF Section
########## Begin - 3rd Party SEF Section
############# Use this section if you are using a 3rd party (Non Joomla! core) SEF extension - e.g. OpenSEF, 404_SEF, 404SEFx, SEF Advance, etc
#
RewriteCond %{REQUEST_URI} ^(/portal/component/option,com) [NC,OR] ##optional - see notes##
RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php
#
########## End - 3rd Party SEF Section
Però mi pare comunque strano che non abbia righe di sicurezza per bloccare gli exploit. E' tutto qui il tuo htaccess?
Ti ho già chiesto che versione di joomla?
Se è 1.0.x, aggiungi queste righe in coda:
#
#
########## Begin - Rewrite rules to block out some common exploits
#
## If you experience problems on your site block out the operations listed below
#
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
#
#
# Block out any script trying to set a mosConfig value through the URL
#
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
#
# Block out any script trying to base64_encode crap to send via URL
#
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
#
# Block out any script that includes a <script> tag in URL
#
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
#
# Block out any script trying to set a PHP GLOBALS variable via URL
#
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
#
# Block out any script trying to modify a _REQUEST variable via URL
#
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
#
# Send all blocked request to homepage with 403 Forbidden error!
#
RewriteRule ^(.*)$ index.php [F,L]
#
#
#
########## End - Rewrite rules to block out some common exploits
