Hello Chantal,

Perhaps if you can provide us with your Joomla backend and FTP access we could figure out what causing the site to be vulnerable to attack. Please advise.

Of course, thank you.
See below.
But I deleted all wrong posts and users. But I am sure it wont take long until they start again.

Hello Chantal,

I've checked your user level settings for "Registered" user group and it seems like the user group has the "Super User" permission checked as you can see from my screenshot here, http://screen.stackideas.com/2015-06-09_1847.png . Hence they will be able to access your administrator area while having super user privilege. I've removed super user privilege for the registered user group and it should be working fine now.

I also have disabled "publish entry" from the easyblog ACL settings for registered user group so that they won't be able to publish the new blog post without your permission. You can always change it back the setting from backend > easyblog > ACL > registered > publish entry, http://screen.stackideas.com/2015-06-09_1852.png .

Hope these help.

Hi Ezrul,

Thank you so very much!

Have a good day (or night?) :-)

Chantal

I'd also check in with your host. While hardening security on this side is a must, most hosts can and will help. I know my host, HostGator wants to know about hacks and vulnerabilities.

Hi David,

you are certainly right. I'll do that.

Chantal

Hello Chantal.

You're welcome. Have a nice day