Site got defaced by the HighTech HackTeam.
Affecting
Any web site. Some of their attacks specifically targeted unpatched Joomla sites with the JCE vulnerability
Cleanup
Restore your site from a clean backup. Deleting all files first is the best option since it will delete all backdoors and other malicious files that
hackers could leave on the server. It is important to identify and close the security hole to prevent recurring attacks.
If you use Joomla, make sure to upgrade and fully patch it. Pay a special attention to component and plugins, especially to JCE.
You can sign up with us and let our team remove the malware for you.
Dump
...excerpts from a typical defacement page...
<html><head><title>hackeado por HighTech Brazil HackTeam</title>
</head><body link="#FFFFFF" alink="#FFFFFF" vlink="#FFFFFF" bgcolor="#FFFFFF">
<!-- Hoje nao tem nada na index pra te zoar velho do caralho, so nos comment aqui kkkkkkk
se abriu essa porra... pau no seu cu viu com muito amor :* !-->
...
<center><img src="http://zone-h.org/images/star.gif"> <img src="http://zone-h.org/images/star.gif"> <img
src="http://zone-h.org/images/star.gif"> <img src="http://zone-h.org/images/star.gif"> <img src="http://zone-
h.org/images/star.gif"></center>
<center><big><big><pre><big>hackeado por <b><i>HighTech Brazil HackTeam</i></b></pre></big></big></big></center>
<center><div class="cont"><pre>por <a href="https://twitter.com/xFellipeCT"><font
color="#000000"><big><i>xFellipeCT</i></big></font></a>
</pre></div>
<center><pre>nos somos
<center><font color="#000000">[ <b>@xFellipeCT</b> - <b>@Thiago_0k</b> - <b>@aceeeeeeeer</b> - <b>@synchr0n1ze</b> - <b>@byCrazyDuck</b> ]<br>[ <b>HighTech Brazil HackTeam SEMPRE!</b> ]</font></center></pre>
...
><br>gr33tz
<center><pre>[ <marquee align="center" direction="left" scrollamount="3" width="441">LLL - Kouback_TR_ - Atena - BL4DE - MasoqFellipe - Conan - Slayer
Owner - M3str3 Root</marquee> ]<pre>
...