Hi, I have a general security question about the Go Daddy Apache server I am on (I think I am on). (If I posted this in the wrong section I apologize in advance.) This happened all of my domains (16 total) that I own and have Joomla installed to them. I have more than a handful of domains that have Joomla installed on them. A few hours ago they were all hack and taken down, I was able to figure out how to fix the issue myself. However my question is this, Now that I know how to bring my sites back on line and working properly, how can I stop it from happening again? The short of all of this is this, my index.php file was completely overwritten or just deleted and replaced with a new one. Below is a screenshot of the code that is my new index.php. Of course I called Go Daddy, no help there. The part that pissed me off the most is: in the code, the image is hosted on a domain that is hosted at Go Daddy, uuugghh
The problem was probably in Joomla. Were they out-dated installs? Any out-dated plugins? There's many factors which could have caused the hack. When you restore from a backup (which I hope you have) you can take a look at https://geekflare.com/joomla-security/ and https://docs.joomla.org/Security_Checklist/Joomla!_Setup for some basic hardening tips.
99% sure that the problem is with the Joomla-install, plugins, or something else - searching for the code in Google returns this page: http://ddecode.com/phpdecoder/?results=46862176fe853f7dd0503e0db287525b which show some eval() code (first of all, eval() should be disabled on the server) - check your server, check your installs, make sure the sites are secure.