How To Clean a Hacked Joomla! Site

zauditsmallOK, so your Joomla! site is hacked. Maybe you received an e-mail from your hosting provider saying you need to fix the issue or they will shut your site down. Or, maybe your site is no longer accessible because your browser detects it as a bad site.  Or maybe your site has been hacked but you just don't know it yet.  In any scenario, Zap Audit was written to help you get your hacked Joomla! site back up and running. It finds hacked files, recommends best practices based on a site analysis and provides proactive monitoring to minimize future hacking of your site.

Zap Audit generates a detailed audit report of your site, showing hacked files, potential issues, and best practices.  A lite/free version is available that provides summary information of your site, which can be used to verify your site is free from hacks and provide peace of mind.  If an issue is found, you can use one of the paid versions of Zap Audit to obtain details of the hack and best practices recommendations.

Depending on the status of your site, there are two methods of running Zap Audit:

  • On-Line Mode - Use this method if your site is relatively healthy and you can access the administrator back-end normally.
  • Off-Line Mode - Use this method if your site is off-line or you cannot access your Joomla! administrator back-end. You can also use this method to check a Joomla! 2.5 site using Zap Audit installed on a Joomla! 3.x site.

These methods will be described below.

Read more: How To Clean a Hacked Joomla! Site

Zap Audit: Audit and Monitoring Tool For Joomla

zauditsmallIf you ever had a Joomla! site hacked, you know how difficult it is to clean up the site. Hacked files can be sprinkled among the thousands of files and folders in the Joomla! filesystem and are not easily found by an administrator. Looking at file dates and combing through web server logs are the manual techniques to find these files, which is a laborious process and missing just one file is an opportunity for a site to be re-infected all over again. Hacked sites can be blocked by web browsers or shut down by ISP's until they are cleaned up.

Zap Audit is our newest Joomla! extension and was written by a Joomla! administrator for Joomla! administrators to combat hacking of Joomla! sites. It allows administrators to take back control of their Joomla! site. Zap Audit finds hacked files, recommends best practices based on a site analysis and provides proactive monitoring to minimize damage from future hack attacks. Zap Audit can save hours of work cleaning up a site, allowing you to delay or even eliminate the need to rebuild a hacked Joomla! website from scratch.  It runs entirely within your Joomla! website, so no data is transferred outside your company to a third party. Zap Audit can even analyze an offline site that is down due hacking or other reasons by analyzing the zipped files from the site using Zap Audit installed on another Joomla! site.

Your Joomla! site is analyzed by Zap Audit for hacked files in seven ways:

Read more: Zap Audit: Audit and Monitoring Tool For Joomla

Change Log for Zap Audit

Version 1

1.6.0
Released April 25, 2017
New: Support for Google's safe browsing feature
Fix: Support for Joomla 3.7

1.5.0
Released March 7, 2017
New: Added multiple Joomla installation check in database best practices
New: Added e-mail display options in global settings
New: New log level option in global settings
New: monitor plugin: site link now displays cached audit report for that site

1.4.0
Released February 7, 2017
New: Added suspect file check
New: Added Zap Audit files to unauthorized and CRC checks
New: Removed valid Joomla cache and log files from recent files report.
New: Removed Zap Audit installation from recent files report
Misc. bug fixes

1.3.0
Released January 30, 2017
Added check for Zap Audit version
Color coded version release in monitor plugin screen (green for up to date, red for needs updating)
Misc. bug fixes

1.2.0
Released January 26, 2017
Added file audit mode to audit offline sites.
Revamped caching control
Last audit report is now cached
Added check for one and only one super user account
Misc. bug fixes

1.1.0
Released January 20, 2017
Added Pro version with plugins for monitoring multiple sites and sending e-mail alerts when a change is detected
Fixed issue so older Joomla! installations now work
Added additional best practices checks
Added Joomla version check
Monitor plugin (pro version) can now send e-mails, using just one cron job for all monitored sites.

1.0.0
Released January 11, 2017
Initial product release