Q: What do I do if my Joomla site has been hacked?
A: The hacking of a Joomla site is most often done in config.php file. Use Cpanel’s file manager to perform the following: The simplest
thing to do is to take the configuration-dist.php file and copy it to replace
the configuration.php file while editing things such as the mysql database, mysql
username, mysql password, and the joomla table prefix number, which will be
jos_###_ where ### is the domain id number from the tkp system. You can
get the domainid by hovering over the edit link in tkp next to the domain.
Once you have replaced the configuration.php with the correct
values and verified the site is working, both by logging into the administrator
and reviewing the front-end, use cpanel to change the permissions on the
configuration.php file to 644.
