Here are some common, non-technical signs that your Joomla!® site has been hacked.
Even if you don't have the faintest idea how to log into the administrative side of your website, you may notice some of these symptoms.
You may notice:
- Google or your web browser flags your site as harmful when your domain is entered.
- Your Google search results change. The text beneath your site link on Google has text that you didn't write, unrelated to your website.
- You see a sudden, unexplained decrease in site traffic or conversions. If Google Analytics says your traffic is indeed down, this may be because site visitors are receiving the warnings about your site being unsafe.
- Visitors who do reach the site are being scared off by warnings from anti-malware plugins. This may show up as a drop in the number of pages visited per user, and an increased bounce rate.
- You start receiving emails from your customers with questions about why they are seeing warnings when they come to your site (Most people won't bother to tell you, they'll just leave and not come back so be sure to thank the ones who tell you!)
- Your site seems sluggish, responding slowly to new page requests (it may be distributing malware or someone may have hijacked the account for spam or torrents.
- You receive reports that emails from your domain are being blacklisted, or customers begin to report they aren't receiving your emails (check DNS based email blacklists).
- Your hosting company suddenly suspends your account, or sends a warning message they have found malware. Don't assume the threat is over if you get an email notice from your hosting company that they "found and deleted" malware. If the hackers compromised your site once to insert malware, just deleting the file does nothing to protect you from them doing it again. You must find the vulnerability and close the hole!
Keep in mind that hacked and compromised sites often have no obvious symptoms until the hack has been going on for quite some time. That's why we recommend that all Joomla site owners ensure their websites are continuously maintained and kept secure, each and every month. Clients who enroll in one of our premium Joomla maintenance and support plans, called Joomla Royalty Care, can rest easy knowing that our dedicated team of Joomla security experts is keeping careful watch over their site, 24/7/365.
As part of this service, we deep scan security audit your site on a regular basis, to catch site compromises early, when they first occur. That let's us take action before any real damage is done and before Google blacklists you or your customers are affected. And every one of our Royalty Care Plan maintenance and support packages for Joomla include a no-charge, hacked site recovery guarantee. If your site is ever hacked while protected under one of our monthly Joomla support plans, we'll fix it at no additional charge, no matter how long it takes.
If you do have the knowledge and ability to look around on the admin side of things and dig deeper a bit deeper into site analytics, there are technical signs to watch for.
Here are a few technical clues that you have probably been hacked:
- Your .htaccess file has been modified recently (look for 301 re-directs away from your site, or to pages that aren't familiar)
- Your config.php file was changed
- Your database has oddly named tables
- Your image directory has files in it that end in something other than an image format extension, such as ".php"
- You have administrative users in the backend you don't recognize!
- With Google beginning to mask almost all keywords, it's harder nowadays to find out if users are coming to your site using keywords common to spammers (like pharma terms or payday loans). Still, it's worth digging into your analytics and also checking your Joomla search history in the backend to see what kinds of information people are attempting to find on your site.
Help! I'm seeming some of these signs on my site
and think my Joomla site has been hacked!