The website owner’s worst nightmare is falling victim to hackers who may use the hijacked site for any sort of nefarious purpose. Sometimes hacks are intended only to cause trouble for the website owner; other times hacks are used to conduct criminal behaviour. As a Joomla user, you are not immune.
Content management systems are generally secure from all but the most sophisticated hacks. But in order to make CMS platforms user-friendly, there are a few things that need to be implemented for the benefit of the user; things that create inherent weaknesses that hackers are able to discover and exploit. How do you know if you Joomla site has been hacked?
A hack generally results in some telltale signs including any of the following:
- Involuntary redirects from your site to another
- Strange links or adverts showing up, seemingly by themselves
- Excessively slow load times
- Complaints from customers regarding spam e-mail.
If you are lucky, your web hosting company will let you know if there is any chance your site has been hacked. But in the absence of any such notification, keeping an eye on the behaviour of your site will usually tell you that something is up. The next question is one of how do you recover from a site hack?
Scanning Your Site for Trouble
The first thing to do is make a backup copy of your Joomla installation. Hopefully, you already did that (hopefully you do it on a regular basis), but if not, even a backup copy of your corrupted site is better than no backup at all. Create your backup and download it to your hard drive.
The second step is to scan your site using an online service. There are a couple of reputable sites that get a lot of use: Securi’s site check and Web Inspector are but two examples. You can also have your site inspected by Google simply by navigating to the following URL: http://www.google.com/safebrowsing/diagnostic?site=http://YourSite.com.
Taking Your Site Back
Assuming a site scan confirms a hack, the final step depends on your abilities and skills as a website owner. If you regularly make backups of your site, you need only install the most recent backup you made prior to noticing the trouble. As a side note, this is why backups are so important. If you are not doing them on a regular schedule, you need to start right away.
The absence of a clean backup will require you to turn off your site and go hunting for the problem. Website owners with the knowledge and skill can go through the file structure looking for any malicious files left by hackers. If you don’t know how to do this, you will need to enlist the help of your hosting company support team or hire a professional.
Whatever you do, be sure to change your username and password as well as those of anyone else who has access to your site. Also, get into the habit of changing your usernames and passwords on a regular schedule. Make it as difficult as possible to hack your site in the future.