Tips & Tricks: Migrate Joomla 2.5.xx to Joomla 3.x

When you find malicious code in your site it is often a line of javascript inserted into the bottom of almost every .js file on the account that used character code escapes to make it harder to detect. It is most often also embedded in many of the otherwise blank index.html pages within the sub-directories of your Joomla install. It is often difficult to pinpoint the reason either a Joomla exploit (iframe) or if the violators had the account password.

This type of infection is much more common with the password being weak or breached (do not use your birthday/name of your dog, Kids name/etc!!!) See more on Password strenghth here. For that reason, you are strongly advised to follow these steps:

Scan your local computer, the clients computer, and any computer from which you have accessed the account using an up to date virus scanner such as malwarebytes CRITICAL!
Update the cPanel/FTP password with a password that is not easily guessable. Use 15-digits and something like ( example (!) ) &G5sF#!K-|%H1G^
Submit your site for a rescan using your Google Webmaster account. If you do not already have an account please follow the instructions on this page to obtain one and Review by Google
CRITICAL! Note: You can get a Google Webmasters Account at this link
The information provided below about this type of viral infection and how to further prevent it.

What are malicious iframes and what causes them?

Over the years hackers found it hard to trick people into visiting suspicious sites so they're now targeting legit sites and using them to infect unknowing customers. In most cases an FTP account's password is obtained through key logging Malware, then legit website files are modified to distribute the Malware and gather more passwords. If your PC has been infected with one of these Trojans, your bank account, email accounts, and FTP accounts may no longer be secure. Note that Filezilla stores your password in plain text! Use strongly encrypted passwords with programs like Dashlane!

What to do if you find malicious iframes on your PC?

Use the following online vulnerability scanner and ensure your software is up-to-date: Securi (this is only indicative and not final!: These online scanners do make tons of mistakes)

Download antivirus and fully scan your PC for malicious files. Here are some free online scanners:
Trendmicro
Bitdefender
Kapersky
Update all passwords that may have been obtained. Do not use old passwords, generate new ones (see above link)
Upload older versions of the files or contact support for assistance removing the malicious iframes.

Prevention

Ensure you use the latest browser version CRITICAL!
Disable javascript if possible Use Firefox with addon "noscript" (!)
Download and install some (free) antivirus software, make sure it stays updated CRITICAL!
Use AVG Scan to test suspicious links you are given in emails or find online.

BACKUP & DOWNLOAD your site and database! Use either your cPanel features or use Akeebabackup or whatever you use: Now we get often the question "what extension does protect my site" Answer is simple: NONE : You will need to make sure that your host has its security features optimized (mainly Mod_Security/IPTables Protection/Live upload scanning/suPHP or Mod_Ruid and many more).

Make sure that YOU (!) do not make the basic mistakes: Folder permissions wrong! Never, ever(!) set folders to anything else than 755 and do not set your files other than 644 (global config of Joomla will be set auto to '444) Once again...Some extensions might help you discover vulnerabilities on your server but two key elements make the day or break the day: You & your PC and Your hosting Company!

You use to visit warez/filesharing/porn-sites? Use an other computer than to access your site and make sure you have top-notch protection! Do not underestimate the fact that behind a simple image of the "sun" a whole piece of code can be hissed! Download any zip etc and scan before opening the file!.

Get your Joomla Security Audit