The first thing that we did was that we searched the database for this obscene content, we couldn’t find any. We then searched the database for the title of the link, we also couldn’t find any. Weird…
The second step was checking the template files, we wanted to see if any of these files was hacked. To our surprise, none was…
We then thought, apparently the content is not there, so it might be that there is this one malicious Joomla extension that our client installed by mistake and made this mess. We disabled all 3rd party extensions, and still that page existed, with the obscene content in it.
Our last and final step was to check the .htaccess file in the root directory of the website, maybe, just maybe, the .htaccess was hacked and the traffic was redirected somewhere else? We opened the .htaccess file and we found that many lines in this file were replaced by other malicious lines (one of those lines called a file called “functions.php” which included a lot of malicious code). To fix the problem, we did the following:
- We restored a previous version of the .htaccess file
- We changed the permissions on the .htaccess file to 644 (it was 777 before)
- We removed the malicious functions.php
- We then advised the client to upgrade to the latest version of Joomla (the client was using Joomla 1.5)
There are many reasons on why a Joomla website gets hacked, but regardless of the reason, we are always there to help, and as usual, at lightning speed! So feel free to contact us to fix your Joomla website in the unfortunate event of it being hacked.