We frequently get requests from our customers asking us to check if their Joomla website is hacked, because they think it is behaving oddly. And so we do check the website, and in most cases, we discover that the website is actually hacked. So, the first sign that your website is hacked is if you feel that it is hacked!
Other than just feeling that your Joomla website is hacked, here are some other signs that will tell you if your Joomla website is hacked (the presence of even just one sign means that the website is most likely hacked, and you need to take immediate action):
- Pages get redirected to other pages: When you go to one page on your website, you get redirected to another page (usually on another page) automatically.
Weird content/links on your website: Your website contains content and/or links (either prominently or at the bottom of the page) that you haven’t put there. Usually that content is obscene and the links point to another website with obscene/illegal content.
Website tries to download something to the visitor’s PC: This is the ultimate sign that your website is hacked. When you visit your website and your website tries to download a plugin (sometimes the download fakes itself as a mandatory security download), then your website is not only hacked, but it is also harmful to your visitors.
You’re unable to login to your website anymore: Sometimes, you’re suddenly unable to login to your Joomla website, while this might happen because of a human error (you are using CAPS Lock for example to enter the password) or some corrupt data, it might happen because your website is hacked (in this case, it was your Joomla database that got hacked).
All the data is gone: You go to your website and you no longer see the pages that you have created over the weeks, months, or even years. All you data is gone. This means that a hacker deleted all the content from your jos_content table.
Your Joomla website is no longer indexed by search engines: Search engines are very smart: When they detect that a website is hacked, then they immediately stop indexing it to prevent their visitors from visiting harmful websites.
You are seeing database errors when you visit your website: While there are many reasons for this to happen, it might be that a hacker dropped all the tables in your Joomla database. Again, there are many reasons for this to happen and it’s better to consult with an expert in Joomla before taking any action.
You are seeing a file not found error when you visit your website: A file not found error simply means that the file does not exist anymore. This can happen because of a bad extension that you installed (that requires a file that doesn’t exist and didn’t exist in the first place), or it can happen because a critical file was actually deleted from your website folder (which means, in most cases, that someone maliciously deleted that file from your web folder).
Now if have some technical background, you can check for the following signs to see if your website is hacked.
Recently modified critical files: Check to see if one of the following files was recently modified (without you modifying it either directly or indirectly):
- .htaccess file
- Any template file
If you see any of the above files with a recent timestamp although you did not modify the file, then your website is most likely hacked.
In our next post, we will discuss what to do when you know that your website is hacked (the first thing to do if you can’t fix it yourself is to contact us – we will help you and we are available 24/7/365). Meanwhile, if your website is OK, then check these security tips for your Joomla website to better protect your website.