I apologize if this is the wrong spot for this. I got the email last night saying there was the vulnerability and to update JomSocial ASAP. Today, I got the notification from my host that my site was hacked. I know I need to update JS still, but are there certain steps I need to take since my site is currently compromised?

I'm sorry for the panicked message. I am given 24 hours to fix this before I'm kicked from my host. :X

I'm running Joomla 3.2.1, JS 3.1.0.1 (says I have the latest version installed).

Here's what the host says:

Hello,

We have received a notice that your website has been defaced and/or hacked.

Please take the following corrective measures within the next 24 hours to prevent domain or VPS suspension.

1) Remove all defaced materials
2) Scan all directories within the account for hidden files that do not belong.
3) Change all passwords associated with that account
4) Update all CMS software or scripts running on that site to the latest version.
5) Provide an update to this ticket once all changes are complete.

Here is a copy of the original complaint that we received:

#############################
Dear abuse team,

please help to close these offending portals sites(1) so far.

status: As of 2014-02-05 07:10:51 CET
support.clean-mx.de/clean-mx/portals.php...s.net&response=alive

(for full uri, please scroll to the right end ...

This information has been generated out of our comprehensive real time database, tracking worldwide portals URI's

If your review this list of offending site, please do this carefully, pay attention for redirects also!
Also, please consider this particular machines may have a root kit installed !
So simply deleting some files or dirs or disabling cgi may not really solve the issue !

Advice: The appearance of a Virus Site on a server means that
someone intruded into the system. The server's owner should
disconnect and not return the system into service until an
audit is performed to ensure no data was lost, that all OS and
internet software is up to date with the latest security fixes,
and that any backdoors and other exploits left by the intruders
are closed. Logs should be preserved and analyzed and, perhaps,
the appropriate law enforcement agencies notified.

DO NOT JUST DELETE THE FILES. IF YOU DO NOT FIX THE SECURITY
PROBLEM, THEY WILL BE BACK!

You may forward my information to law enforcement, CERTs,
other responsible admins, or similar agencies.

Hi Della,

I have been upgrade your jomsocial to 3.1.0.4.. :)
please take a look and test again your site.. if any problem please let me know :)

Warm Regards,

David

Thank you so much for updating it for me. Do you have any recommendations for removing the hacked files? Or how to find all the hacked files?
Thank you!

Hi Della,

I'm sorry i have no idea how to find all hacked files, maybe you can ask your hosting support or look into hosting log file :)

Warm Regards,

David

I had to restore my site from a backup, which brought me back to JomSocial 3.1.0.1. I tried upgrading JomSocial, but it still says 3.1.0.1. How do I upgrade JomSocial?
Thank you

Hi Della,

Here is step by step upgrading :)

How To Upgrade Jomsocial

Warm Regards,

David

Thank you! I know what I did wrong last time. I installed the updater file instead of the community file. I was able to update it without any problems when I used the correct file. oops :)

Hi Della,

Please make checklist before upgrading jomsocial and also provide a backup :D

Warm Regards,

David