I'm sorry to bother you all, but I'm in over my head here.
I did read through the stickied post about hacked sites, but couldn't apply much of the information there.
My friend has his site hacked and didn't notice for a month. I've never used Joomla and the person that originally created it 3 years ago never updated nor secured it.
After talking to the hosting company, we determined that it was hacked using a template exploit:
220.127.116.11 - - [13/Jan/2012:10:16:21 -0600] "POST /templates/beez/index.php?act=f HTTP/1.1" 200 10543 "http://bffmakeup.com/templates/beez/index.php?act=f&file=/home/bffmakeu/public_html//index.php" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2"
I'm coming in to this completely blind as I've never used Joomla and am just trying to help out my friend. Everything I've read about this says to start by logging into the administration control panel, but the people that hacked it seem to have removed that login page.
I don't even know which version of the Joomla application he has installed here. All I have access to is the site and the FTP.
He also has informed me that he doesn't have a backup of the site.
So now that I've finished brow-beating him, is there anything I can do? Could someone point me in the right direction if there is one?