How to Clean a Hacked Joomla! Site
If your website host or browser has blocked your Joomla! website – it means that your website could contain malware. You must utilize a Joomla which is known as “remove a malware tool” to scan your website and get rid of the malware.
Hosts will suspend accounts/websites containing malware. Browsers will block websites—including Joomla! websites— that contain malware, and display warnings such as: “The Website Ahead Contains Malware!” or “Deceptive Site Ahead.”
While this warning confirms malware infection, there are a number of indicators that could help you ascertain whether your site has been hacked.
- Browsers display a malware infection warning and block access to your website
- Your website host suspends your website citing malicious activity
- New users (with malicious intent) have penetrated your account and their logins are displayed on the dashboard
- Browsers display unexpected behavior on your website
- Hackers have modified code or impregnated code into your website
Scan Your Joomla! webpage with a Joomla! malware Scanner
Scan your URL using Comodo’s Web Inspector tool – an online website malware scan and malware removal tool that allows you to quickly confirm if your Joomla! webpage contains malware.
This cloud-based Joomla! malware removal tool scans the website for possible virus and malware infection, detects security holes and vulnerabilities, and safeguards the website against advanced persistent security threats. The Web Inspector also monitors for website blacklisting and immediately warns the website owner before the website gets blacklisted.
Browser Blacklist Status – Browsers maintain a database of blacklisted websites, and they provide tools to check the status of your website. Google provides the status of your website as part of a “Transparency Report”.
After scanning your URL, check for recent modifications in core files. If malware has been injected recently, you should compare and find out any difference between earlier stable versions and the infected recent version. Cyber security experts recommend a comparison of suspicious and stable (good) files as one of the best ways to confirm malware infection. If you detect malware, then restoring with a clean site backup would be the best bet.
Check for unauthorized users in your Joomla! account. Hackers could have inserted their name in the list. Analyze the logs for unusual/suspicious user activity.
If you confirm malware infection then you must clean the database tables by logging into an admin panel, searching for suspicious content and removing it manually.
Hackers typically impregnate a backdoor into the website so that they would be able to inject malware or steal data any time they need. Intelligent hackers name their backdoors something similar to existing files so as to evade detection. These backdoors must be rooted out through file comparison and Joomla! malware removal tools.
Review by Web Spam Authorities
After getting rid of malware on your website, and confirming with a Joomla! website malware scanner, you must ask the authorities who have blacklisted your website to review. They will remove your website from the blacklist following successful review.
- Update the Joomla! software and all its components including core files and extensions.
- Reduce accounts with super-administrator and admin privileges. Allow privileges only on a need basis and be very strict about it. Reset the passwords of all users. Make it mandatory for users to follow a strong password policy. Further, enable two-factor-authentication (2FA) for more security.
- Implement a website firewall to prevent any further website infection. This can help block DDoS attacks and Brute Force attacks.
- Implement a robust backup and restoration policy in line with the best practices in the industry.
- Manual monitoring for suspicious activity is not effective. Use a Joomla! malware removal tool such as Comodo cWatch Web Security Service that provides comprehensive web application security to proactively detect threats that could infect your Joomla! website.
Prevention is better than cure.