Support

Have you read the Unhacking Your Site walkthrough? That's the first step to understanding what happened, how to fix that and how to prevent that. As you will see in that walkthrough article, it's possible to get hacked from the back door, i.e. another hacked site on your server lead to your site getting hacked (given inadequate ownership and permissions), through a .php file you've allowed to run directly over the web (not though Joomla!) or maybe you were exploited yesterday and hacked today. Admin Tools –like all other security extensions– can only protect you against attacks coming over the web and going through Joomla!'s index.php files. Anything else can go through, hence all the other seemingly paranoid security advice we give. Once you get hacked once I guess none of it sounds paranoid or too expensive any more. Yeah, trust me, we've all been through this.

On the fixing part, there is something not mentioned in those instructions, simply because it wasn't around last year when I wrote the article. It's called Audit My Joomla! and I strongly recommend it. It will audit your site, detect all suspicious files and allow you to unhack your site with a few clicks. Compared to spending days of manually comparing files and missing something, it's well worth the small fee. In your case, I'd recommend the 19.99£ monthly subscription as it will allow you to do unlimited audits: you will need at least two audits per site, one at the beggining of fixing your site, one when you're done, possibly another one in the interim for sanity's sake, times 8 sites. The 19.99£ subscription is really good value in this case.