Know how to check for suspicious and/or modified files. Know how to check the raw Apache logs for suspicious activity on your site. (FAQ)
Get help the right way
If you believe your Web site was attacked, do not post in the Joomla! forums. If there is a vulnerability, publishing that information could put other Web sites at risk. Instead, report possible security vulnerabilities to the Joomla! Security Task Force.