Rob & I had a fun day today, looking after our children; - well actually all our Joomla sites.
There a was a significant security hole discovered yesterday affecting all Joomla versions from 1.5 through to 3.4. Such things do happen in all CMS software, including Wordpress :-)
As Joomla 2.5 and 1.5 are end of life (but also vulnerable), the marvellous people in the Joomla community have also released some "hot fixes" for these old versions as well - not that too many people are still using that platform - but there are some.
Sure enough one of our sites had a dodgy file placed in it this morning, and we think it was because of this newly discovered 'hole'. Extra server security scans immediately identified the file as a 'baddy' and quarantined it. We were able to quickly fix that one, and the upgrade of all our monitored sites was completed in a short time. But then we thought we'd better scan them all too - just to be sure.
We offer a monthly scan and audit service for Joomla sites @ just $125 per annum for websites hosted with us. We charge more if it's not hosted with us, as we have to ensure we have independant backups available before doing any work on a site. You can order that product here if you need.
Here's the info about the security release
https://www.joomla.org/announcements/release-news/5641-joomla-3-4-6-released.html
And also the 'hot fixes' for Joomla 2.5 and 1.5 if anyone needs them.
https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
Feel free to post questions though!
Ian