My website maybe got hacked! Topic is solved

[aboarken]

Hello,
I have scanned my site but nothing is telling me that my site is hacked but I see the attached pictures in my Joomla site directory. The pictures are from [ redacted ] hackers. Please can you tell me what I have to do?
Thanks in advance.

[ redacted ]

[toivo]

Recommend that you contact Phil Taylor of https://mysites.guru/. He cleans hacked sites for a fee, in addition to providing online tools for auditing and managing Joomla sites. The first software audit is free and it may also include Suspect Content Tool, which should help to identify hacked files.

Alternatively, study the sticky topics of this 3.x Security forum how to rebuild a hacked site and observe best security practice.

Please note that removing hacked files does not remove the vulnerability that allowed the site to be compromised. You should therefore post the results from the Forum Post Assistant (FPA) so that our volunteer experts can review the configuration. They may be able to identify vulnerable extensions, for example.

[JurajB]

I think mysites.guru have also some kind of protection at least you can harden the thing such a .htaccess and more.
Also you may find useful siteguarding.com (designed also for Joomla) but I recommend to insert php code into inde.php and DONT install the Joomla! extension. Doing so you may get better bad bot protection.

[toivo]

I recommend to insert php code into inde.php and DONT install the Joomla! extension. Doing so you may get better bad bot protection.

@JurajB, modifying the Joomla core files is a bad idea, neither recommended nor supported.

About security extensions, among the services, tools and extensions I have used, in addition to mysites.guru (no affiliation), Admin Tools of Akeeba Ltd (no affiliation) is an excellent option that keeps the hackers away.

[JurajB]

So OK then you may use Joomla plugin for this.
edit: but my hosting provider (the best around, they are max. experts) said its safe to put the code in index.php (maybe only on their hosting or maybe the admin in support area wasnt informed) so what to say about this?

[sozzled]

My hosting provider (the best around, they are max. experts) said its safe to put the code in index.php ...

What "code"?

@toivo's advice is sensible:

@JurajB, modifying the Joomla core files is a bad idea, neither recommended nor supported.

I agree 100%. Don't modify the J! core files and please don't recommend this idea to others. "Modifying" the core files in J! is why we see so many problems reported on the forum. These problems can be caused by "modifying" the core files in J!. It's a bad idea.

[JAVesey]

I agree 100%. Don't modify the J! core files and please don't recommend this idea to others.

+1

The other reason not to modify core files is that they can be overwritten during a core update, thereby losing any changes made.

@OP:
Follow Toivo's advice and post the output from the FPA. Might help identify the way your site was exploited.

[Webdongle]

Either contact https://mysites.guru/
or if you want to clean the site yourself see
viewtopic.php?f=714&t=946026

Do not edit the configuration.php (unless the hackers have corrupted it ... in which case replace it completely.

When your server is clean then perhaps https://extensions.joomla.org/extension ... injection/ may be of interest.

[aboarken]

Either contact https://mysites.guru/
or if you want to clean the site yourself see
viewtopic.php?f=714&t=946026

Do not edit the configuration.php (unless the hackers have corrupted it ... in which case replace it completely.

When your server is clean then perhaps https://extensions.joomla.org/extension ... injection/ may be of interest.

Hello, I cleaned the site by my self. Thank you.

[Webdongle]

...
Hello, I cleaned the site by my self. Thank you.

Did you follow the instructions on
viewtopic.php?f=714&t=946026 ?