How to check the exploitation?
Check your logs right away.
Look for requests from 146.0.72.83 or 74.3.170.33 or 194.28.174.106 as they were the first IP addresses to start the exploitation.
Also check your logs for “JDatabaseDriverMysqli” or “O:” in the User Agent as it has been used in the exploits.
If you find them, consider your Joomla site compromised.
In this case, please update your site to Joomla 3.4.6 or apply the hotfixes for Joomla 1.5 and 2.5 users that the instruction was clearly made in the blog: Update your website security with Joomla 3.4.6
We always catch up with the latest version of Joomla in order to carry out the best quality Joomla Templates as well as Joomla Extensions. Let's keep in touch with us to quickly access a wide range of high performance products now!
Hope it helps and thanks for reading!