How can I find out if My Joomla! website is hacked?

As we may say true is horrible but unknown is even worse. You'd be surprised how many people, companies live in blissful ignorance that safeguarding of their websites have been defeated. Never before malware authors and hidden advertising were not so good at disguising their malicious code.

My site site hacked ? This cannot be true

There are so many successful attacks out in the world right now, and it seems like every week we read about some company or famous people website that have been hacked.  In general, the business owner finds out about this last one. Because the first is customers, then journalists, along with Google mechanisms to discover a strange swapping on site content or lack of action. Sometimes it is very easy to find out, especially if a website is defaced. But most of the time hackers do a very good job at hiding their malicious activity and sometimes it takes weeks, months for a business or Joomla! administrator to realize that their website was hacked.

Spotting the Signs you’ve been hacked

What are the signs that your Joomla! website have been hacked? Here are some tips on how to go about investigation suspicious activity:

• You see weird (not yours!) links, text or images on site content
• Extra, unwanted ads may appear
• On your site you can see the red warning message "The Website Ahead Contains Malware" or "Reported Attack site!"
• White screen - it may or may not be caused by hackers, just switch to show Maximum errors (in Global configuration) to check hidden messages
• Site is being flagged on Google’s search engine results page with the message “This site may be hacked”
• Your domain name automatically redirects to different website after few seconds 
• You cannot login in to admin area because of password failure
• Traffic spike or unusual amounts of spam is being send from your Joomla! web site
• Your site is very slow, much more slower than it was yesterday or a week ago
• Your firewall component or other security extension component is disabled or broken
• In User Manager you will find extra user account(s) with with administrator privileges
• Notifications in Google Webmaster Tools
• Files with suspiciously named in the directory where you have Joomla! installed

Note! Many hackers/spammers/black seo guys make their living by redirecting your site somewhere other than you want to go. They gets paid by getting your clicks to appear on someone else's website, often those who don't know that the clicks to their site are from malicious redirection.

Check this movie as well: https://www.youtube.com/watch?v=mbJvL61DOZg

Online Scanners

As a first quick checkout please use popular/trusted online security scanners which allows you to find sign of viruses, spyware & malware, and other malicious threats for free. Please scan your website URL using those three scanners:

• https://www.virustotal.com/#/home/url
• https://sitecheck.sucuri.net/
• https://rescan.pro/?en

Note! Remote scanners have limited access and results are not guaranteed. For a full scan, use firewall component or script who has access to all website files.

The summary

Figuring out that you have a hacked website might not always be obvious but it isn’t rocket science either. The above images are a perfect answer to why you should monitor all the activity on your Joomla! and web server as well.  A quote that An ounce of prevention is worth a pound of cure by Benjamin Franklin is still current.  It is better to stop something bad happening than it is to deal with it after it has happened. It also often takes less effort to prevent something than to cure it. Please read our other blog posts related with security topic.