Safety instructions if your Joomla website has been violated/altered
If you believe that your Joomla website has been violated or altered in some way, you could follow the instructions below to remove the malicious code that may have been placed by hackers and also prevent future attacks.
The first step that would be helpful to do is to take your website offline and allow access only by your own IP address.
This will isolate malicious users so they can not edit files or your database. Additionally your visitors will be protected from harmful content. Moreover, search engines may block your website and display an alert for users who try to visit it.
The easiest way to isolate your website is by editing it's .htaccess file through which you will allow access only from your IP address. All you have to do is add the following lines of code in it:
Deny from all
Allow from IP_ADDRESS
Replace IP_ADDRESS field with your own IP address.
Note that this works only if you have a static IP address.
You should make sure that you are the only one who has access to your hosting account. To do this you have to change all your passwords, such as the Joomla control panel, FTP, the MySQL database users, cPanel account etc.
Restore a backup
The quickest way to make your website work properly again is to restore it from a backup. Note that this procedure will erase all changes made to your website after the backup creation.
After the restore check if your website works as it should. It is also desirable to change the passwords of your users again because they have been restored too through the backup.
Change the database prefix
By changing the default jos_ database prefix you can fool malicious users who attempt MySQL injections. Before this change, it would be good to create a backup of your database first.
Disable remote PHP URL includes
Ensure that your server does not by default allow remote PHP url includes. To do this you need to log in to the Joomla control panel and navigate to System > System info > PHP Info.
- For PHP version 5.2 and above, make sure that the allow_url_include option is disabled.
- For PHP version 5.2 and below, make sure that the allow_url_fopen option is disabled.
Update Joomla and extensions
Many times the cause of website violation is due to outdated extensions or an older version of the Joomla installation. As a next step you should upgrade Joomla and all your extensions to their latest stable version. Also it would be good to remove the extensions that you do not use or have not been updated in a long time.
Remove access restriction
Remove the access restriction from the .htaccess file so that your website be accessible again by your visitors.
More information and instructions for your Joomla website can be found by following the links below to the Knowledge Base of IP.GR.