Once your original Joomla website has been procured from the hands of the hacker, the next task is to put questions on oneself that what led to the hack, in the first place. Most people overlook this analysis after recovering from a serious threat, but it is advisable to put further light on this matter, to prevent such attacks in the future. Although it may seem a time wasting venture for some, yet it has two basic agenda,
- To have a fair idea of what actually had happened
- To defend against similar attacks
Thus, it’s needless to ask, how many are in favour of such tedious and time consuming job. Follow these steps to identify Joomla hack instantly and what to do if you spotted one,
- Check the index.php for unknown IPs. If a suspect IP is discovered, then an unauthorised login or application of brute force to enter into the administrative backend can’t be ruled out.
- Check for SQL injection attacks. These can be spotted by the repeated use of update, replace and insert commands. If you suspect a SQL injection attack, look out for the component’s name, as chances are that it is vulnerable. If the component is present in the Vulnerable Extension List, then replace the component with a newer version.
- Incase of repeated requests to stray PHP files, check whether the PHP file exists in original ZIP file of the component. If it is found to be unavailable then it is replaced by a malicious script by the hacker and hence immediately removed.
- Incase of repeated requests to same PHP files, other than index.php file of Joomla, then be sure that something’s wrong. Remove it immediately. If it is inside an awkward folder then examine its contents, it may be a hacking tool.
- After the website has been hacked, be alert always. Make sure to wipe out all the backdoor hacking scripts left behind by the hacker, to ensure that it doesn’t get infected ever again. Read out these steps to prevent Joomla hack.