Site was hacked, can't get rid of html file

Discussion regarding Joomla! 2.5 security issues.

SomeGuyFromCali
Joomla! Fledgling
Posts: 2
Joined: Mon Jul 18, 2016 12:52 am

Site was hacked, can't get rid of html file

Post by SomeGuyFromCali » Mon Jul 18, 2016 12:58 am

One of my older sites got hacked recently. I believe the problem was simply that I left the permissions for the images folder open on accident.

They created an HTML file that loads when you go to the example URL
http://www.______.com/images/installs/com_jce_2321/components/com_jce/editor/tiny_mce/themes/advanced/skins/default/img/eoti4/2xmille-associazione-culturale.html

I deleted the installs folder completely but the URL still loads when I go there. How do I completely remove the link to this page?


Also, how do I completely disable user registration? There were many new users in the user list that I did not create which I have now deleted.

sozzled
I've been banned!
Posts: 13639
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Site was hacked, can't get rid of html file

Post by sozzled » Mon Jul 18, 2016 1:11 am

When you're fighting these kinds of fires, it's always a good idea to learn from the professional firefighters:

1) Contain the blaze—stop it from spreading;

2) Rescue the victims

3) Put out the fire and fire-proof the environment so that it doesn't happen again. In other words, J! 2.5 is vulnerable and at risk from being attacked; better to migrate your site to the latest version of J! 3.x instead of trying to "protect" it with outdated software.

SomeGuyFromCali wrote:
> One of my older sites got hacked recently. I believe the problem was simply that I left the permissions for the images folder open on accident.

The Forum Post Assistant will help you locate folders that have elevated privileges.

SomeGuyFromCali wrote:
> I deleted the installs folder completely but the URL still loads when I go there. How do I completely remove the link to this page?

It is probable that the link was injected from another file on your site (very likely in the template default.php, but that's just a guess).

SomeGuyFromCali wrote:
> Also, how do I completely disable user registration? There were many new users in the user list that I did not create which I have now deleted.

See https://docs.joomla.org/Disabling_user_registration
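
A read-only check for the three things raised in this thread, added here as an example and not part of any post or of the Forum Post Assistant: world-writable folders, non-image files under images/, and files that still reference the planted page. The function name, the extension lists and the 64-byte placeholder threshold are assumptions of this sketch.

```python
import os
import stat
import sys

# Assumptions of this sketch: extensions expected under images/, and the
# file types worth searching for an injected link or rewrite rule.
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".svg", ".webp", ".ico", ".bmp"}
TEXT_EXTS = {".php", ".html", ".htm", ".js", ".ini", ".xml"}
TEXT_NAMES = {".htaccess"}


def audit_webroot(root, needle):
    """Return three sorted lists of paths relative to `root`: world-writable
    entries, non-image files under images/, and files mentioning `needle`
    (for example the file name of the planted page)."""
    writable, stray, refs = [], [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits say nothing about the target
            if st.st_mode & stat.S_IWOTH:
                writable.append(rel)
            if not stat.S_ISREG(st.st_mode):
                continue
            ext = os.path.splitext(name)[1].lower()
            # Tiny index.html files are treated as Joomla's blank directory
            # placeholders (assumed threshold: 64 bytes) and not reported.
            placeholder = name == "index.html" and st.st_size <= 64
            if rel.startswith("images/") and ext not in IMAGE_EXTS and not placeholder:
                stray.append(rel)
            if ext in TEXT_EXTS or name in TEXT_NAMES:
                try:
                    with open(full, "rb") as fh:
                        if needle.encode() in fh.read():
                            refs.append(rel)
                except OSError:
                    pass  # unreadable file: leave for manual review
    return sorted(writable), sorted(stray), sorted(refs)


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python audit.py /path/to/webroot planted-file-name.html
    labels = ("world-writable", "stray in images/", "references needle")
    for label, paths in zip(labels, audit_webroot(sys.argv[1], sys.argv[2])):
        for p in paths:
            print(f"{label}: {p}")
```

Run it against a copy of the site or over SSH on the host; it only reads files and changes nothing.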

SomeGuyFromCali
Joomla! Fledgling
Posts: 2
Joined: Mon Jul 18, 2016 12:52 am

Re: Site was hacked, can't get rid of html file

Post by SomeGuyFromCali » Mon Jul 18, 2016 2:02 am

Thank you, I am going to assume they exploited the older version or an older plugin. I have taken the site offline and am manually moving all of the content over one article at a time to be certain none of the compromised code gets moved over with it.

