Site redirected to send spam

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

kaamosteoria
Joomla! Fledgling
Posts: 4
Joined: Thu Aug 29, 2013 11:55 am

Post by kaamosteoria » Fri May 16, 2014 10:27 am

I got an email yesterday that the website is sending spam and is currently disabled (html chmod'd to 700) until the issue is fixed. Here's also an excerpt from the site's log:

193.150.120.14 - - [26/Apr/2014:00:46:24 +0300] "GET /index.php/frontpage HTTP/1.1" 200 20020 "http://www.replica-club.ru/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"

The spam sites seem to be tied to /index.php/frontpage. There are roughly 20-30 of these kinds of sites logged each day. Any idea where I should even begin to fix the issue?

Here's the FPA data:
Forum Post Assistant (v1.2.4) : 16th May 2014 wrote:
Basic Environment ::
Joomla! Instance :: Joomla! 1.7.5-Stable (Ember) 02-Feb-2012
Joomla! Platform :: Joomla Platform 11.2.0-Stable+Modified (Omar) 27-Jul-2011
Joomla! Configured :: Yes | Writable (644) | Owner: lentiira (uid: 1/gid: 1) | Group: lentiira (gid: 1) | Valid For: 1.7
Configuration Options :: Offline: 0 | SEF: 1 | SEF Suffix: 0 | SEF ReWrite: 0 | .htaccess/web.config: Yes | GZip: 0 | Cache: 0 | FTP Layer: 0 | SSL: 0 | Error Reporting: default | Site Debug: 0 | Language Debug: 0 | Default Access: 1 | Unicode Slugs: 0 | Database Credentials Present: Yes

Host Configuration :: OS: Linux | OS Version: 3.2.0-23-generic | Technology: x86_64 | Web Server: Apache/2.4.2 (Unix) OpenSSL/0.9.8o | Encoding: gzip,deflate,sdch | Doc Root: /home/lentiira/public/html | System TMP Writable: Yes

PHP Configuration :: Version: 5.4.23 | PHP API: cgi-fcgi | Session Path Writable: No | Display Errors: | Error Reporting: 32767 | Log Errors To: | Last Known Error: | Register Globals: | Magic Quotes: | Safe Mode: | Open Base: /tmp:/home/lentiira:/local/nullmailer | Uploads: 1 | Max. Upload Size: 64M | Max. POST Size: 64M | Max. Input Time: -1 | Max. Execution Time: 30 | Memory Limit: 64M

MySQL Configuration :: Version: 5.1.65 (Client:mysqlnd 5.0.10 - 20111026 - $Id: e707c415db32080b3752b232487a435ee0372157 $) | Host: --protected-- (--protected--) | Collation: latin1_swedish_ci (Character Set: latin1) | Database Size: 3.83 MiB | #of Tables:  49
Detailed Environment ::
PHP Extensions :: Core (5.4.23) | date (5.4.23) | ereg () | libxml () | openssl () | pcre () | sqlite3 (0.7) | zlib (2.0) | ctype () | curl () | dom (20031129) | fileinfo (1.0.5) | filter (0.11.0) | ftp () | gd () | gettext () | hash (1.0) | iconv () | json (1.2.1) | mbstring () | mcrypt () | SPL (0.2) | session () | PDO (1.0.4dev) | standard (5.4.23) | pdo_sqlite (1.0.1) | Phar (2.0.1) | posix () | Reflection ($Id: c4a7c554f00da47fe9cff384d18c532a1a959dff $) | mysqlnd (mysqlnd 5.0.10 - 20111026 - $Id: e707c415db32080b3752b232487a435ee0372157 $) | SimpleXML (0.1) | pdo_mysql (1.0.2) | mysqli (0.1) | tokenizer (0.1) | xml () | xmlreader (0.1) | xmlwriter (0.1) | xsl (0.1) | zip (1.11.0) | mysql (1.0) | cgi-fcgi () | Zend Engine (2.4.0) |
Potential Missing Extensions :: suhosin |

Switch User Environment (Experimental) :: PHP CGI: Yes | Server SU: No | PHP SU: Yes | Custom SU (LiteSpeed/Cloud/Grid): Yes
Potential Ownership Issues: No
Folder Permissions ::
Core Folders :: images/ (755) | components/ (755) | modules/ (755) | plugins/ (755) | language/ (755) | templates/ (755) | cache/ (755) | logs/ (755) | tmp/ (755) | administrator/components/ (755) | administrator/modules/ (755) | administrator/language/ (755) | administrator/templates/ (755) |

Elevated Permissions (First 10) :: images/swmenu/ (757) | modules/mod_swmenupro/ (757) | modules/mod_swmenupro/cache/ (757) | modules/mod_swmenupro/fonts/ (757) | modules/mod_swmenupro/images/ (757) | modules/mod_swmenupro/images/arrows/ (757) | modules/mod_swmenupro/images/superfish/ (757) | modules/mod_swmenupro/images/transmenu/ (757) | modules/mod_swmenupro/images/tree_icons/ (757) | modules/mod_swmenupro/styles/ (757) |
Extensions Discovered ::
Components :: SITE :: com_wrapper (1.7.0) | WF_AGGREGATOR_VIMEO_TITLE (2.0.20) | WF_AGGREGATOR_[youtube]_TITLE (2.0.20) | WF_POPUPS_WINDOW_TITLE (2.0.20) | WF_POPUPS_JCEMEDIABOX_TITLE (2.0.20) | WF_FILESYSTEM_JOOMLA_TITLE (2.0.20) | WF_LINKS_JOOMLALINKS_TITLE (2.0.20) | WF_MEDIAPLAYER_JCEPLAYER_TITLE (2.0.20) | WF_TABLE_TITLE (2.0.20) | WF_CONTEXTMENU_TITLE (2.0.20) | WF_PREVIEW_TITLE (2.0.20) | WF_BROWSER_TITLE (2.0.20) | WF_FULLSCREEN_TITLE (2.0.20) | WF_IMGMANAGER_TITLE (2.0.20) | WF_SOURCE_TITLE (2.0.20) | WF_MEDIA_TITLE (2.0.20) | WF_VISUALCHARS_TITLE (2.0.20) | WF_ARTICLE_TITLE (2.0.20) | WF_CLEANUP_TITLE (2.0.20) | WF_LINK_TITLE (2.0.20) | WF_INLINEPOPUPS_TITLE (2.0.20) | WF_PRINT_TITLE (2.0.20) | WF_DIRECTIONALITY_TITLE (2.0.20) | WF_XHTMLXTRAS_TITLE (2.0.20) | WF_TEXTCASE_TITLE (2.0.20) | WF_SEARCHREPLACE_TITLE (2.0.20) | WF_STYLE_TITLE (2.0.20) | WF_PASTE_TITLE (2.0.20) | WF_LAYER_TITLE (2.0.20) | WF_NONBREAKING_TITLE (2.0.20) | WF_SPELLCHECKER_TITLE (2.0.20) | WF_AUTOSAVE_TITLE (2.0.20) | com_mailto (1.7.0) |
Components :: ADMIN :: COM_WEBFONTS (2.0.7) | com_installer (1.7.0) | com_menus (1.7.0) | 2J NewsSlider (2.0.2) | com_users (1.7.0) | com_admin (1.7.0) | Form To Mail (1.0.2) | com_cpanel (1.7.0) | com_search (1.7.0) | com_categories (1.7.0) | TwoJToolBox (1.0.11) | 2JToolBox Module (1.0.0) | plg_system_twojtoolbox (1.6.0) | plg_editors-xtd_twojtoolboxbut (1.0.0) | 2J Gallery (1.0.3) | com_content (1.7.0) | com_banners (1.7.0) | Unknown (-) | Editor - JCE (2.0.20) | JCE (2.0.20) | swMenuPro (8.5) | com_config (1.7.0) | com_newsfeeds (1.7.0) | com_media (1.7.0) | com_modules (1.7.0) | com_cache (1.7.0) | com_messages (1.7.0) | com_plugins (1.7.0) | com_login (1.7.0) | com_redirect (1.7.0) | com_checkin (1.7.0) | com_languages (1.7.0) | com_weblinks (1.7.0) | com_templates (1.7.0) |

Modules :: SITE :: mod_articles_archive (1.7.0) | mod_menu (1.7.0) | mod_users_latest (1.7.0) | mod_languages (1.7.0) | 2JToolBox Module (1.0.0) | mod_articles_latest (1.7.0) | mod_wrapper (1.7.0) | GoboSlide Pro (1.6.5) | mod_related_items (1.7.0) | mod_breadcrumbs (1.7.0) | mod_footer (1.7.0) | Form To Mail (1.0.0) | FXPreview (1.0) | mod_search (1.7.0) | mod_articles_categories (1.7.0) | mod_articles_news (1.7.0) | mod_feed (1.7.0) | mod_stats (1.7.0) | mod_articles_category (1.7.0) | mod_random_image (1.7.0) | mod_syndicate (1.7.0) | mod_login (1.7.0) | mod_weblinks (1.7.0) | mod_banners (1.7.0) | swMenuPro (8.5) | mod_whosonline (1.7.0) | mod_custom (1.7.0) | JT Quick Contact Form (1.0) | mod_articles_popular (1.7.0) |
Modules :: ADMIN :: mod_submenu (1.7.0) | mod_menu (1.7.0) | mod_multilangstatus (1.7.1) | mod_title (1.7.0) | mod_logged (1.7.0) | mod_toolbar (1.7.0) | mod_quickicon (1.7.0) | mod_status (1.7.0) | mod_feed (1.7.0) | mod_login (1.7.0) | mod_popular (1.7.0) | mod_latest (1.7.0) | mod_custom (1.7.0) |

Plugins :: SITE :: Editor - JCE (2.0.20) | plg_editors_codemirror (1.0) | plg_editors_tinymce (3.4.4) | plg_editors-xtd_pagebreak (1.7.0) | plg_editors-xtd_article (1.7.0) | plg_editors-xtd_image (1.7.0) | plg_editors-xtd_readmore (1.7.0) | plg_editors-xtd_twojtoolboxbut (1.0.0) | plg_extension_joomla (1.7.0) | plg_authentication_gmail (1.7.0) | plg_authentication_ldap (1.7.0) | plg_authentication_joomla (1.7.0) | plg_content_emailcloak (1.7.0) | plg_content_pagebreak (1.7.0) | plg_content_loadmodule (1.7.0) | plg_content_vote (1.7.0) | plg_content_pagenavigation (1.7.0) | plg_content_joomla (1.7.0) | plg_content_geshi (1.7.0) | plg_search_contacts (1.7.0) | plg_search_weblinks (1.7.0) | plg_search_categories (1.7.0) | plg_search_content (1.7.0) | plg_search_newsfeeds (1.7.0) | PLG_WEBFONTS (2.0.2) | plg_system_debug (1.7.0) | plg_system_sef (1.7.0) | plg_system_logout (1.7.0) | plg_system_p3p (1.7.0) | plg_system_log (1.7.0) | plg_system_redirect (1.7.0) | plg_system_remember (1.7.0) | plg_system_languagefilter (1.7.0) | Instant Suggest (2.0.1) | plg_system_cache (1.7.0) | plg_system_twojtoolbox (1.6.0) | plg_user_profile (1.7.0) | plg_user_contactcreator (1.7.0) | plg_user_joomla (1.7.0) |
Templates Discovered ::
Templates :: SITE :: beez5 (1.7.0) | beez5 (1.7.0) | beez5 (1.7.0) | beez5 (1.7.0) |
Templates :: ADMIN :: hathor (1.7.0) | bluestork (1.7.0) |

webguerilla
Joomla! Intern
Posts: 65
Joined: Fri May 22, 2009 11:09 am

Re: Site redirected to send spam

Post by webguerilla » Fri May 16, 2014 11:15 am

I would recommend that you use a clean backup and then start by upgrading to a current Joomla version. 1.7.x has been outdated for a long time... Afterwards, check and update all extensions.
https://www.marcobeierer.com/joomla-extensions - My Joomla extensions (English)
https://www.marcobeierer.ch - Website of my consulting business (German)
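
Added example, not part of the original thread or written by either poster: one way to triage an access log like the excerpt in the first post, by tallying which external Referer hosts appear and which paths they request. It assumes Apache "combined" log format; the site host name www.example.org and every sample line except the first are constructed for the example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def external_referrers(lines, own_hosts):
    """Count (referrer host, requested path) pairs whose Referer is not one of own_hosts."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ref = m.group("referer")
        if ref in ("", "-"):
            continue  # no Referer header was sent
        host = (urlsplit(ref).hostname or "").lower()
        if host and host not in own_hosts:
            counts[(host, m.group("path"))] += 1
    return counts

# First line is the excerpt from the post; the other three are constructed.
SAMPLE = [
    '193.150.120.14 - - [26/Apr/2014:00:46:24 +0300] "GET /index.php/frontpage HTTP/1.1" 200 20020 "http://www.replica-club.ru/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"',
    '192.0.2.10 - - [26/Apr/2014:00:47:01 +0300] "GET /index.php/frontpage HTTP/1.1" 200 20020 "http://spam.example/" "Mozilla/4.0"',
    '192.0.2.11 - - [26/Apr/2014:00:48:09 +0300] "GET /index.php/contact HTTP/1.1" 200 5120 "http://www.example.org/index.php/frontpage" "Mozilla/5.0"',
    '192.0.2.12 - - [26/Apr/2014:00:49:30 +0300] "GET /images/logo.png HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    # own_hosts is an assumption: replace with the site's real host name(s).
    tally = external_referrers(SAMPLE, {"www.example.org"})
    for (host, path), n in tally.most_common():
        print(f"{n:5d}  {host}  ->  {path}")
```

The Referer header is set by the client, so the tally shows where requests claim to come from; it does not by itself show which script on the site is sending mail.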

