I understand the question (and the motivation for asking it) about uninstalling core CMS extensions such as a few of those that have been mentioned in this discussion topic. I repeat my earlier answer:
sozzled wrote: ↑Tue Jan 05, 2021 9:22 pm
No, you cannot
optionally uninstall those components but you can ... choose to not use them.
This doesn't, however, explain the source of malware infections [that may target specific or random file locations] nor eliminate the potential for rogue processes—residing from within or outside the website—that deposit unwanted material. In other words, unless someone is willing to undertake a deep analysis/audit of the files stored on the
server, the source of malware infestation remains a mystery.
From what I've researched, malware is generated either manually (which is usually quite difficult to do) or by some script. The server log should contain every instance of when, where and how such malware/files are created but it could take several days to analyse every instance of them. Basically, one would have to constantly watch the kettle until the water boils.
What are the options?
- Analyse the website looking for how the malware is generated. This task could take anywhere from a couple of hours to a couple of years.
- Accept the inevitable: there's a [kind of] "cancer" that needs to be surgically excised with the possibility that the "patient" won't survive. Alternatively, take the "patient" off life-support and allow it to die a natural death.
- Remove the website from the server and relocate it elsewhere. This may result in preventing cross-infection of other we assets owned by the OP w.r.t. their other websites. By quarantining the problem website elsewhere, the OP can attend to further investigation at their leisure.
- [Probably not worth the investment but included for the sake of completeness] Give the job to someone, with full access to the server, who's skilled in website security and competent with J!
I would guess that it's possible to adjust folder/file permissions so that
no-one (not even the J! update processes) could add/modify/delete files therein. This could break the website and stop it working because I don't know how changing the folder/file permissions would affect the "normal" operations (e.g. creating/editing/deleting J! articles, etc.). That would also put one outside of the availability of help from the community—one would be flying solo using one's own wits to navigate—and I wouldn't advise that course of action. However, it's not my flying machine or my patient; one can always seek a second, third or other opinions, of course.