Budget: 1500 UAH Deadline: 2 days
Good day! Recently, I cleaned a similar hack on WordPress, where the infection only triggered when accessing from mobile devices. Judging by the fact that you were compromised again the next day, the backdoor is likely in the backup itself or in an old extension, and two-factor passwords won't help here. I am ready to go through the site, find the entry point, clean it up, and close the hole. Is your Joomla 3 the latest version 3.10.12 or an older one?