Rufus contacted us after his site was hacked. Fortunately he had a backup from a couple of months ago.
First we scanned the files for viruses. We found four, which we promptly deleted. The hackers had exploited a weakness in the comments plugin which allowed them to put the virus code into the system. We disabled the vulnerable plugin and removed any code from the SQL database.
Then we stripped out any obsolete extensions that might be vulnerable in the future, updated the Joomla framework, changed admin passwords for the site and server, deleted all suspect users, and updated the PHP version to be on the safe side.
Visit Rufus’ site at RufusMay.com.