• Quick tips for removing malware from Joomla



    Joomla has become a preferred CMS to develop websites. While a number of apps and functionalities help you attain customized visage to your website, ensuring security against Malware attacks is equally necessary and you know it’s hard to ignore. Removing malware from your Joomla website will ask for a number of modifications and other features get added to the website. Check out the following immensely important measures to remove malware from your Joomla website.

    Clean server and take back-up

    Always begin by removing all files from the server. Wiping the server clean is meant for the malware infection not getting multiplied. Remove the files and take a local backup.

    Review recent files

    Review files that were recently time stamped in the last 48-60 hours. A line of code such as “eval(gzinflate (base64_decode indicates the website enduring malware attack. The line of code is inserted at the top of each web-page in any header files and template index. The worst case scenario has witnessed the code being inserted along every file on the server. A hard job though, but eval(base64) needs to be instantly deleted to ensure malware is removed from the Joomla website.

    Check your .htmaccess file

    .htmaccess file is vulnerable to malware attacks and commonly encountered. Hackers use it to redirect your Joomla web page to their own site. Check for any line or a string function ‘gzuncompress’ that should not have been here. It won’t be a difficult process for you to detect the function that wasn’t written by you to create the website. Set the .htmaccess file permission to 444.

    Change FTP accounts

    Quickly modify your FTP account details.FTP accounts are most vulnerable to external attacks that may cause hijacking your website. Hackers, find it easy to access information by exploiting FTP accounts information that hasn’t been updated for long. Also, the system that was used to develop the website should be regularly scanned with anti-viruses. A system deeply infected with virus will assist the hacker in stealing your FTP details.

    Remove default conventions

    The first attempt by an attacker to hit your Joomla website would be to gain access to your administrative accounts. Most developers continue with default conventions (such as administrator for Joomla) which make it easier for the attacker to pursue his job at an early stage. Always change usernames from default to a customized ones that you can remember. This will make it mind throbbing for the attacker to pick usual user names.

    Install plug-ins

    Also, make it a point this time to embed plug-ins on the login page. The application will restrict the number of login attempts. If the hacker tries to implement several permutations to get into your website, he will be debarred from making more attempts, leaving him frustrated and helpless.

    Change Admin URL’s

    The common problem with a modern content management system such as Joomla is that the default admin URL they provide is left unchanged when your Joomla site goes live. This makes it easier for the hacker to track the admin page. Changing standard Admin URL’s to customized ones. This will betray the hacker, by removing existing malware from your site and also ensuring fortification against further injections.

    Also ensure the admin URL is not indexed by any search engine. If it does, disabling the disallow line from your rorbot.txt file and check that the link is not present in the sitemap.

    Check comments

    While many comments indicate good web traffic, they can be troubling at times. Comments are highly vulnerable to cross site scripting (XSS).

    Disable direct publishing of comments. Introduce screening by admin before publishing. Convert comments to HTML coding to remove spammers and malware. Also, using certain commenting applications such as ‘Discuss’ would be helpful.


    If you find this article interesting you also may want to check out the following blog articles: “Removing Malware from a WordPress blog” and “Consequences of your website being blacklisted by Google”.

    Let us know what you think and want to learn about website security and malware! Connect With us on Google+ , Twitter and Facebook or even LinkedIn!