I have several joomla site and lots of wordpress sites. I find that it is very difficult to keep the Joomla sites free of malware, just because there are not many security extensions that can help. I scan my Joomla sites every few days here: http://evuln.com/tools/malware-scanner/ But, you could use any scanner. Typically, the most common malware I get is one that redirects my social and google traffic. Does anyone know of some decent security extensions or help for keeping your joomla site safe?
I've made several dozen sites with Joomla and have never had this happen. My best guess is that you have installed an extension that has some sort of cross-site scripting vulnerability. Old, outdated extensions might be prone to this. I would do a google search on any third party extensions you use, along with the term xss and see if any of them are known to have exploits. I'm not sure of any specific extensions to refer you to, as I've never had the problem. Have you checked the "Site Security" section of JED?
My suggestion would be to look : http://extensions.joomla.org/extensions/access-a-security/site-security/site-protection or try OSE Anti-Virus™ for Joomla! or Admin Tool (Free Alternate )
To keep your joomla safe and secure: 1. Backup your mysql (everyday). 2. Backup your joomla directory (weekly or daily, according to your joomla requirements). 3. Install ALL official upgrades (asap). 4. Use external services like SiteLock. 5. Change your admin passwords (monthly). 6. Never use extensions or templates from unknown (hackers, black-seo) websites.
#6 Is always on my mind, when it comes developing new joomla site. Because most of hackers injected scripts in templates/extensions.
Backup is crucial, I agree with Aff_Fan on this one. You may also want to check out this component http://extensions.joomla.org/extensions/access-a-security/site-security/spam-protection/25529. Claudia A.