Hi,
Thank you for reaching out, and I'm sorry to hear that you've been affected by these attacks.
To clarify, the security issue is not with the Helix3 template itself, but rather with the Helix3 plugins. The template you're using (Shaper Travelia) is a Helix3-based template, which relies on the Helix3 plugins. So the security issue in this case is related to the Helix3 plugins rather than the template.
If your site has already been compromised, the best approach is to restore it from a clean backup (if you have one) and then update the Helix3 plugins to the latest version.
If you don't have a clean backup available, please follow these steps:
-
Go to Site → Template Styles → Your Template → Template Options → Custom Code → Custom JavaScript.
-
Check for any suspicious or unfamiliar JavaScript code and remove it. If the defacement message was injected through the template's Custom JavaScript field, this should remove it.
-
Update both of the following plugins to the latest version (v3.1.2):
- System - Helix3 Framework
- Helix3 - Ajax
If you don't see an update notification in your Joomla dashboard, you can download the latest Helix3 package from the following page and install it via Extensions → Install:
https://www.joomshaper.com/joomla-templates/helix3
Please note that updating the plugins will prevent the known vulnerability from being exploited again, but it will not automatically remove any malicious files or code that may already have been injected into the site. If the attacker has modified files beyond the Custom JavaScript field, you'll need to clean those manually or restore from a known clean backup.
Also, if your site has been compromised, after cleaning it up or restoring a backup, you may need to reconfigure some of your template settings, such as the site logo, Custom CSS, or other template options, as these settings may have been removed or altered during the cleanup process.