The YT Framework deployed with SJ University II still contains a version of minify (\includes\lib\minify) that allows an attacker to misuse the resources of the site. We've been experiencing al increased bandwidth on our site (the attacker managed to make 24GB of traffic in 10 days) and all caused by direct HTTP access to the \minify subfolder.

The minify backdoor(?) is seems a known issue since 2015 but I see that even the standalone library still contains files from 2014 therefore I conclude it is an old version that allows missuse.

I've currently restricted the web access to the problematic IP addresses since I cannot find any other solution in this short period so please take note of this and see if the version of the minify package can be upgraded or this kind of missuse can be blocked.

Finding the "backdoor" might be hard.
As with any hacked website, you probably have three options:

1. restore from a known good backup, update Joomla and third party extensions to the latest versions and reset passwords

2. rebuild the website from scratch with clean copies of Joomla and third party extensions

3. find and fix the malware, update Joomla and third party extensions to the latest versions and reset passwords