I think you need to start by reading our ‘Unhacking your site’ page. It explains how you can get hacked, how you can tell why you got hacked and how you can prevent it.
Depending on how you got hacked the solution will be different. For example:
- Out of date Joomla or extension (including the template itself). Update Joomla and all of its extensions, including your template. While Admin Tools tries to plug as many holes as possible, there are some issues that need the vulnerable code to be updated. For example, some years ago Joomla would mistakenly let you create a super user account from the front-end of the site. We couldn't address it in Admin Tools without essentially disabling user registration altogether, making it necessary to update Joomla.
- Uploaded malicious file used as a backdoor. The fix to that (UploadShield) used to be in Admin Tools but we contributed that to Joomla itself since Joomla 3.4.1. The drawback is that developers may choose to disable it for their uploads. So we recommend using Admin Tools' .htaccess Maker with the frontend and backend protection features enabled to prevent arbitrary PHP files from being accessed: the malicious file may still be uploaded but it will be impossible to run, thus neutralizing the threat.
- Compromised FTP or control panel account i.e. someone stole or guessed the username and password for your hosting. Our advice is to use a 40 or more character long password consisting of upper and lower case letters, numbers and symbols; use a password manager such as 1Password, LastPass, KeePass to manage your passwords; never, ever, EVER use plain, unencrypted FTP (use SFTP or, if not possible, FTPS) and do not access your site's files from public WiFi / Ethernet connections; if you grant temporary access to developers revoke their access immediately after they're done and never reuse the same credentials with the same or, worse, different developers.
- Compromised super user login credentials i.e. someone stole or guessed the username and password for your Joomla administrator. Our advice is to use a 40 or more character long password consisting of upper and lower case letters, numbers and symbols; use a password manager such as 1Password, LastPass, KeePass to manage your passwords; enable Two Factor Authentication in your Joomla user account (it's free and another Admin Tools feature we contributed to Joomla); only use HTTPS with a commercially signed certificate to access your site and do not access your site's files from public WiFi / Ethernet connections; if you grant temporary access to developers revoke their access immediately after they're done and never reuse the same credentials with the same or, worse, different developers.
- Compromised server (someone wrote directly to your site). First check the ownership and permissions of your files. If your files are not owned by the user under which your hosting runs ask your host to change the ownership. The permissions of all files must be 0644 and of all folders must be 0755. If your site does not work with such permissions change hosting a.s.a.p. Same goes if your files' and folders' ownership and permissions are correct but you still got someone writing to the files directly without having your hosting account credentials compromised.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
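
The ownership and permission check from the last bullet above can be scripted. This is an added example, not part of the original reply and not Admin Tools code; `SITE_ROOT`, `SITE_OWNER` and the function names are assumptions to adapt to your own hosting account.

```shell
#!/bin/sh
# Audit a site tree against the rule above: files 0644, folders 0755,
# everything owned by the hosting account.
# SITE_ROOT and SITE_OWNER are assumed names; set them to your site's
# root folder and the user (name or numeric id) your hosting runs under.

# Print every regular file whose mode is not exactly 0644.
bad_files() {
    find "$1" -type f ! -perm 644 -print
}

# Print every directory whose mode is not exactly 0755.
bad_dirs() {
    find "$1" -type d ! -perm 755 -print
}

# Print everything that is not owned by the expected account.
bad_owner() {
    find "$1" ! -user "$2" -print
}

# Run all three checks; the exit status is 0 only when the tree is clean.
audit_site() {
    root=$1 owner=$2 status=0
    for check in bad_files bad_dirs bad_owner; do
        out=$($check "$root" "$owner")
        if [ -n "$out" ]; then
            printf '%s:\n%s\n' "$check" "$out"
            status=1
        fi
    done
    return $status
}

# Only run when a root is given, so the functions can also be sourced.
if [ -n "${SITE_ROOT:-}" ]; then
    audit_site "$SITE_ROOT" "${SITE_OWNER:-$(id -u)}"
fi
```

Run it as `SITE_ROOT=/path/to/site SITE_OWNER=youruser sh audit.sh`; anything listed under `bad_owner` is what you would ask your host to fix.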