Hello,

I apologizes for this.

Please, read this post: https://www.joomshaper.com/forum/question/45152

Also, Follow this steps, carefully:

Please create a staging environment (recommended) and update SP Page Builder to the latest patched version before proceeding.

Once the staging site is ready:

1. Download the scanner from the GitHub repository (link will be provided separately).

2. Generate a secure access key using:

   php -r "echo bin2hex(random_bytes(32));"

3. Open the security-scanner.php file and replace:

   $ACCESS_KEY = 'REPLACE_THIS_WITH_YOUR_OWN_KEY';

   with the generated key.

4. Upload security-scanner.php to the Joomla root directory (same location as index.php and configuration.php).

5. Access the scanner via:

   your-domain.com/security-scanner.php

6. Enter the access key to unlock the scanner.

7. Allow the scan to complete and review all findings, paying particular attention to:

   • Suspicious Files & Folders
   • Super User Accounts
   • Menu XSS Injections
   • SP Page Builder Asset Table

8. Remove any high-confidence malicious files identified by the scanner.

9. Remove any suspicious or unauthorized Super User accounts.

10. Clean any malicious database entries flagged by the scanner.

11. Rotate all credentials, including:

    • Database password
    • SMTP credentials
    • API keys/tokens
    • Joomla secret key

12. Force logout all active sessions.

13. Check for suspicious cron jobs or scheduled tasks.

14. Run the scanner again to confirm the site is clean.

15. Once complete, remove the scanner using the Self-destruct option or delete the scanner file manually.

Please share the scan results and any findings before making further changes so we can review them and advise on any additional cleanup steps.

Github link: https://github.com/zkrana/joomla-security-scanner

Thanks,