Nederlands 
English 
Is your Joomla Website Hacked?
A Joomla website that is not properly maintained is potentially vulnerable and can become a target of a hacker. Over the past few years, I have come across several hacked websites and none are the same. So there is also no 1 solution, but if you follow these steps, you are most likely to still be able to restore your website (for the most part).
How do you find out your website has been hacked?
Sometimes you see it immediately, when you open your website a message from the hacker appears.
Sometimes they operate invisibly, your website continues to function and you don't actually notice anything. Meanwhile, the hacker places various files and scripts on the website that can be used to send malware (such as viruses) or spam, for example. At some point, it will be discovered by Google and they will block your website.
The report for your website can be found at: http://www.google.com/safebrowsing/diagnostic?site=jouwdomeinnaam.nl (replace the last part with your own domain name)
How can you clean up your website?
The important thing is to take your time! Don't start deleting files in a panic, because this could make recovery impossible.
1) What is the cause of a hacked website?
To clean up a hacked website, you obviously need to know where and how it went wrong. In many cases, a hack can be prevented by:
- Choosing a good hosting party that ensures optimal security. As with so many things, here too: "Cheap is expensive".
- Using secure passwords, not only in your Joomla environment, but also with FTP and database.
- Using secure extensions. If you want to know if the extensions you use are safe, take a look at the Joomla Vulnerable Extensions List
- Keeping your Joomla environment and its extensions up-to-date.
- Using good anti-virus software on your PC.
It is advisable to also inform your hosting party and look into the cause together. In addition, they can already take technical measures or give advice.
2) Scan your computer for malware
It is possible that your computer is also infected. It certainly can't hurt to scan your computer with MalwareBytes AntiMalware, for example. In some cases, malicious software may have found out your username and password and gained access to your website.
3) Take the website offline
To prevent further infection, I recommend taking the website offline. Just "display offline", when you can still access the administration screen of Joomla, is certainly not enough. After all, the hacker may just have access to all the data. Have the DNS data point to a static page on another server that uses the HTTP status code 503 to quarantine your website.
Use FTP and phpmyadmin to copy the website so you can restore it offline.
If you have a backup of the website, remember that it could also be infected. If you also have older backups, it is useful to compare these files. You can choose to restore the outdated but clean backup. You may have lost some data, such as newly registered users or an article you had written last week.
4) Change the passwords
Change passwords for all site users and accounts. This includes logins for FTP, databases, email accounts, accounts for system administrators and Joomla itself, of course.
If you forget this step, chances are you will be hacked again within days of recovery.
5) Cleaning up the system
If you don't have a clean backup, then you need to clean up the system to remove such the hack.
During this step, you run through all folders to see if any strange files have been added. Since existing files can also be modified, overwrite the files with the joomla core files. Make sure you do this with the latest version from the joomla series you are using. It makes no sense to overwrite a Joomla 1.5 system with Joomla 3 files. So grab the most recent version of Joomla 1.5.x for this.
It is also important to reinstall the extensions, again make sure you always use the latest version.
And finally, the database should be checked for suspicious content. These could be, for example, text fields that now suddenly contain iframes or scripts.
Once the clean-up is complete, you can put the website back online. Do not forget to inform Google that security has been restored and that the block can be lifted. You can do this in the Google webmaster tools.
6) Planning for the future
As you can see, it takes quite a lot of time and effort to restore a website. What are you going to do about it to avoid this in the future?
For a start, you need to start making sure your website is updated or migrated to the latest Joomla version.
Make use of security extensions such as Akeeba Admin Tools
Make regular backups, and check them!
If you don't feel like or have time to constantly update the website yourself, consider a Joomla maintenance contract.
