We just (yesterday) got the website hacked again.

Last time back in February I learned the lesson of keeping Joomla up to date and now I've learnt the lesson of keeping plug in components up to date or deinstalled.   This time, as far as I can tell it was either a remnant of the previous attack that left a hole open or the JComment component.   I think I have them cleaned up...   Remember to back things up boys and girls, though be careful that you do not back up the threat itself.

I am going to have a look at the site with a few security scanners - first up will probably be OWASP....

Update: I used OWASP through a website called hackertarget.com but I'm not sure that they actually ran the tool properly.   I will have to get back to this.   The report didn't walk the complete installation so the output was a bit limited.