With the recent security announcement regarding SQL injection, I was wondering what I could do in order to 'review' my current Joomla sites, and ensure none of them have been compromised.
Apart from the obvious, upgrading to the latest release and ensuring all 3rd party components and plugins are up to date, and not on the vulnerable extensions list.
Is there some way I can scan or check my current sites to ensure there is no malicious code 'waiting' to do harm?
In the past my shared hosting providers have sometimes contacted me informing that they have spotted some malicious code and it should be removed asap. However it would be good if I could conduct a similar review periodically.
Perhaps there are 3rd party components for this? Or is such a review not feasible?
Suggestions or help appreciated :)
This is a paid service but you are not locked into a contract and can cancel at any time if you no longer need the service.
Another service provider that I know could do this for you is https://sucuri.net who appear to know their stuff.
There are likely other providers that offer the same type of service.
I am not associated with Phil Taylor or Sucuri but am a paid http://myjoomla.com subscriber and am very happy with the service which is constantly being improved.
These days http://myjoomla.com can also do remote backups, remote extension updates, automatic updates for some extensions (if you are into that sort of thing!) and also includes uptime monitoring etc which are all really useful tools especially if you are managing multiple websites.
These are the tools I use
Watchful.li: similar to myJoomla.com and also monthly https://watchful.li/
RSFirewall: Has the best scan for malware and files that do not belong in core Joomla install https://www.rsjoomla.com/joomla-extensions/joomla-security.html
Admin Tools Pro: good firewall and a PHP changes scan https://www.akeebabackup.com/products/admin-tools.html
TOOLS TO SCAN