First of all do not panic.

The first thing to do is take your site off line and run the forum post tool and examine the results.Run the forum post assistant in tar version or in zip version and security tool Instructions available here o enable you to make a post in the security forum to help assist working out where your weak poins are

 

  1. Delete all folders/files on the server
  2. Check all computers with server access for malware
  3. Change all passwords and if possible user names for the domains control panel joomla
  4. download the latest release for your version of Joomla
  5. a. Ftp to the zipped file to your server and unzip it, then delete the installation folder
    b. Unzip it and ftp all except the /installation folder
  6. Download the latest version of the extensions you use that are not on the  Vulnerable Extensions List . Unzip them and ftp them to the correct folders.
    or
  7. Use a clean backup if you have one

Change all passwords and if possible user names for the domains control panel joomla Super Admin, and joomla Admin password; do change them often. If you need to reset your admin password  see these instructions.

  • Check you server logs for IP's calling suspicious files or attempting POST commands to non-form's
  • Use proper permissions on files and directories. They should be should never be 777, but ideal is 644 for files and 755 folders.

Ensure your server has  php as cgi and suphp and up-to-date serverside software Use a server that has mod_security installed properly

If you believe it is a core issue, please see http://security.joomla.org/jsst.html