Help, my Joomla! website has been hacked.
When someone tries to penetrate someone else’s system or computer we call it “hacking. This does not always have to be technically complex; “guessing” someone’s password is also considered hacking. Finally, the intruder gains access to someone’s computer, files and/or accounts. And so this could also be your Joomla! website.
Very annoying when it happens, but you can put several things in place to minimize the chance of recurrence and further damage. We have listed several things you can check/implement to further minimize the damage:
Install the latest Joomla! version.
Is your Joomla! CMS up-to-date? You should make sure you are running the latest version because the developers are constantly making sure that potential bugs and “openings” are closed. Make sure you have backed up ahead of time so you can revert to it if necessary. Haven’t done any updates in a while? Then go through the updates in small steps instead of going from the very old version to the very latest version all at once. Do check that the plugins you use are also compatible with this latest version. And make use of security extensions here such as Akeeba Admin Tools, for example.
Do you have all plugins up to date? Again, the same applies as with Joomla! itself: these must be up-to-date. Maybe you find out that you’ve been using a plugin that is no longer supported or continued development. Then see if you can find another plugin that can do the same (or maybe more) and is supported. Also look here at the number of users and what rating they give this plugin.
Turn off forms
Do you use forms to contact you, sign up for something or register for something? Then disable it so that hackers can no longer abuse it.
Clean up files
If you do not have a clean backup then you need to clean up your website to remove the hack. Check all folders to see if any foreign files have been added. Since existing files can also be modified, overwrite the files with the Joomla core files. Be sure to do this with the latest version from the Joomla series you are using.
Check the users
Check for unknown users added to your site and then delete them. In any case, it is wise not to assign more users to your site than is highly necessary. Be sure not to give everyone the maximum permissions. You can also roll back permissions of people who may not be working on the site continuously. If necessary, temporarily give them more permissions when they do work on the site. Of existing users, it is advisable to change passwords. This applies to all accounts, by the way. Also change login credentials for FTP, databases, e-mail accounts, system administrator accounts and Joomla! itself, of course. If you forget this step, chances are you will be hacked again within days of recovery. And very importantly, send the new login information through a password vault to prevent outsiders from granting access.
Scan your computer for malware
It is possible that your computer is also infected. It certainly doesn’t hurt to scan your computer with MalwareBytes AntiMalware, for example. In some cases, malicious software has found out your username and password and gained access to your website.
Change your mail address
Update the mail address you listed on your website. Especially if this is a very general address such as firstname.lastname@example.org You can create a new address for this such as email@example.com or firstname.lastname@example.org so that you can be reached again the old address mail address can no longer be abused. For the mail address that was on the site during the hack, do adjust the password.
If you use an email tool like Mass Mail (feature in Joomla!) or AcyMailing (plugin) to send and analyze bulk mail or newsletters, turn this off as well. This prevents these tools from being abused to reach many people by mail and do even more damage. Also check if any of these tools have already been used to target customers. Determine whether or not you must report the data breach to the Personal Data Authority under the AVG. And if necessary be sure to inform affected customers of the leak.
Remove outbound links and links
To ensure that no traffic goes from your site to other sites, it is advisable to remove all outbound links. For your SEO this is detrimental in the long run, but for the short term you remove nuisance for others. You may also have created links to other systems, such as Office 365, be sure to update passwords in those as well to prevent their misuse.