We've noticed an increase in new website hosting clients coming to us with hacked Joomla!™ websites. In the past 7 weeks, we've upgraded and cleaned six such sites. In many cases, the client's existing website hosting company had taken their website offline until the issues were resolved because in all these cases there were malicious files in place on the host's server.
It's an unfortunate situation because in today's world businesses need a well designed and functioning website to attract new customers, or often to qualify their company to prospects that have been solicited with other marketing efforts. When your website is offline it can't fulfill these outcomes.
Even worse, your company's reputation can be hurt greatly if the hackers have installed malicious scripts to send our spam from your domain. No none likes to receive spam emails, and if they originate from your corporate domain that's sure to hurt business. Spam originating from your domain can also cause your domain to be blacklisted, meaning that your legitimate emails may be blocked on the receiving end.
The biggest cause of hacked Joomla websites is not keeping the software up to date. The current versions allow an easy "click to update", but older versions can't be updated quite so easily. If you are on Joomla 1.x series, the upgrade actually requires a full migration to the current Joomla 3.x series. The older versions are no longer actively supported for new security releases, meaning that they are open targets for hackers.
Vulnerable extensions can also give malicious users a doorway into your hosting account. There is a list of known vulnerable extensions maintained at https://vel.joomla.org/, and if your website uses any of these you should take corrective actions right away.
Yes, over the years we've assisted many clients whose websites were built on WordPress, other content management systems (CMS), or plain HTML websites.
In general, websites that are built with a CMS or E-commerce software are more vulnerable to attack because they have functionality in place that allows users to be added. But a website built solely on HTML can also be vulnerable, especially by the hosting login credentials being compromised.
Here are some of the basic steps that will help protect your website:
It's usually best to contract a professional to help with the clean up. You may find do-it-yourself guides online, but this can be difficult work for a novice. And since the hackers' techniques constantly evolve, a company experienced in dealing with these issues will better understand all the potential threats that may exist.
Look at what a difference a website redesign makes!