Who is reponsible for virus in a Joomla based site?

1.Is it the website designer/developer,or is it the hosting company?

2.What steps must be taken so that all virus is removed immediately from such a site?

 

Could be anyone/anything. Usually the culprit is insecure or out of date scripts, it's good to keep all your scripts updated since vulnerabilities are patched from time to time to prevent issues like this. The hosting company can have implementations to help secure a site, so it's good to see if you host has any of these implementations in place.

You can get your provider to re-create your account on the server, but beforehand take a backup and scan it against your A/V to remove any infected files, then re-upload or restore your files from the backup.

 

It depends what kind of virus you're talking about. If someone is running a cross-site scripting exploit on you, recreating the account and putting the code back on is not going to help. I have had several Joomla sites and no viruses.

 

If you read Hosting Company Policy, they are not responsible for any 3rd party software. In some cases of intrusive scripts/virus host can block your site and ask to remove completely from their servers but if you have luck they will warn you and help you to clean up the mess.

 

Virus can come from anyone's hand who is using FTP or cPanel, It can be you or your designer. And Its sure hosting company is not responsible for this.

 

Anyone at all with the ability to upload, download and/or modify the files directly.

 

Usually malware gets on joomla sites after attacks based on component vulnerabilities. In example a component that allows users to upload their picture but does not check file contents/extensions, so attackers can upload a php script to take over the website. Usually modern attacks are more complex than this example.

You have to clean it up or best reinstall everything from scratch and then make sure exploits are closed.

For that you'll have to update all software to latest available version, stop using components that are known to have exploits (check vulnerability sites for each of the components you're using), change passwords from time to time (especially after new developers worked on the server).

If it's a profitable production site, hire a security adviser to check it from time to time and run some scanners to look for suspicious files.
In example http://ateom.com/malwarescanner/ .

Also, make sure server has magic_quotes On to prevent some variable attacks.

 

Change file permissions unwritable except cache, tmp, images. Its might be a good solution