Most of Joomla's security problems (like many other CMSs of the same kind, by the way) are due to, at best, "leaky" modules and templates. At worst, they have been specifically modified to hack their users' websites. This is especially true for paid modules that were posted somewhere for free - the chance that infection occurs through such modules is the greatest.
And if there is something like that, I recommend demolishing it. But in general, you need to carefully study the server logs and find out through what exactly the infection occurs.
Also, as an option, you can try to put a web anti-virus on the site, for example, santivi.com - theoretically it should help.

1. Rewrite the code without using joomla, drupal, wordpress and other examples of "beautiful" code.
2. Make a complete Review of the existing code (extremely time consuming and expensive), bookmarks can be anywhere
3. Change hosting

1. Do not use Joomla.
2. Clean really all malicious files. Remove suspicious add-ons.
3. Perhaps this "something" is already on your computer. Pay attention to security, do not save passwords.

Update to the latest version.
Templates are taken from a reliable source.
Minimum plugins.
Reasons for hacking:
1. A special hole in the template. Almost half of these templates.
2. Plugin hole.
In Joomla itself, such bugs are very rare.

yandex.ru/promo/manul#about - Yandex Manul - so write in the search. Here is the solution to your problem. Just in time!
to health =)

Answer honestly, did you download templates with add-ons for free, without SMS?

Order an audit of the site code.
If possible, transfer the site to static (if it is some kind of blog, then it is quite possible to pre-render the Joomla output into static html), then there will be nothing to break.

joomla 2.5 is not officially supported and thrown into the dustbin of history.