Common website sabotage a Joomla site is the injection of spam links going off to other websites.
These show up in many different forms:
The links often connect to shady websites like pharmaceutical and imitation goods e-commerce sites (e.g. a website selling fake designer handbags.)
Unfortunately, links like these are a sure sign that your Joomla site has been hacked.
There is a misconception among many website owners that they are not likely to be hacked because they're not, "a big deal," like a larger corporation. However, everyone is a target because any website can offer some benefit to a hacker.
In the case of spam links, the hackers don't think that visitors to your site will suddenly change their mind about viewing your content and actually click through to the URL's (locations) that the hackers are linking to from your site.
What's actually happening is that they're attempting to use your site to manipulate Google's search results.
No one knows the exact formula that Google uses to rank websites, but it's generally accepted that how many websites link to your site impacts your rank in their results.
The common idea is that the more relevant content on a website is, the more people will link to that content.
In this way, everyone votes for which site is the most relevant for a type of search with every link being a "vote." The more links a website has pointing at it, the higher in the search results it will appear.
SEO (search engine optimization) firms attempt to improve their clients search result rankings by reaching out to other websites and getting them to voluntarily place a link on that site to the client's site.
This is both challenging and extremely time-consuming. Hackers attempt to achieve the same effect by simply hacking websites and placing links into the content.
Sometimes these links are visible to visitors and sometimes they only appear under conditions that involve traffic from Google.
The most common places where hackers alter your site files are:
These files are always included when your website is loaded in a visitor's browser. A careful review of these areas will sometimes identify the cause of the spam links.
In some cases, you can do a text search for the URL's displaying, but most often they're craftily altered right before being displayed.
If a hacker gains access your database, they may elect instead to alter your content table by adding entries or changing entries. In this case, you should be able to see the links when you access your article manager and view an article.
The good news is that if you find the cause of the links and remove it the spam links will go away. The bad news is that correcting either of these targets will not fix the root cause.
This means that even if you identify what was hacked and fix it, it's highly likely that you will see the same links reimplemented a short time later, sometimes days and sometimes weeks after the initial hacking.
The only way to be completely free of the spam links is to perform a full site recovery.
This means that you not only need to correct the effects of being hacked by removing the causes of the links but you also need to remove any other hacked or altered files, fix any changes to your database that affect access, update your access credentials, and remove any vulnerabilities from your site.
If you're a developer or technically minded, a great place to start is our guide on How to Fix a Hacked Joomla Site.
Even if you aren't, it is worth a review to understand some of the effects of being hacked and specific areas you need to investigate.