First, you can audit your account and remove all the exploitable material from it. Update your scripts/applications to the latest available releases. Keep changing your passwords at regular intervals.
1- Immediately change the FTP password of your affected account to a stronger one. Make sure all passwords are an alpha-numeric mix and not a dictionary word. Just because you thought of a difficult word from the dictionary does not make you safe.
You may refer to: http://www.pctools.com/guides/password/
2- The first thing you need to do is check the vendor/developer sites for ALL web scripts/applications used in your account for any updates, including any mod you may be using in any web application. If you are using any open source web application, that may be the prime suspect. However, you must check all of them and keep them up to date. Check the database on www.secunia.com for any known exploits that have been released publicly.
3- Once you have verified that 100% of your scripts are the latest stable releases, you will need to go through all the files in your account and make sure none were uploaded by hackers before you audited, or left behind by you from an old install of an application. There may be files in folders you would never imagine. You can use FTP or the cPanel File Manager to go through all files under public_html and compare them with your local copy. [You should always maintain a local copy for this comparison as well as for backup.]
4- MySQL database access for each web application should use a separate db user. Never use your main account user/pass for it. Your main user/pass should never be stored in any file in your account.
5- In your control panel, activate the archive option for your web logs in Raw Log Manager. This will give you the opportunity to check how the hacker exploited one of the scripts. Otherwise all raw logs are cleared after generating stats. If you have already been hacked, it's too late now, but you can archive the logs for future attacks.
6- If you have customized a web application with a mod, make sure the mod is also the latest stable release. Many popular web applications may be stable while one of their add-on mods is exploitable and may not be maintained any more.
7- If you have written some code yourself, make sure all input variables are sanitised (checked for valid data before being used). Otherwise a single line of bad code can give access to your entire account. The usual blunder is to include a file based on user input. Again, make sure all input to a script is checked for valid data. All exploits are based on input data. If your site does not take any input, you are 100% safe from web exploits, i.e. if you run a 100% static HTML site with no script whatsoever anywhere in your account.
8- If your site has been running fine for years, it does not mean there were no security holes in it. It actually means that the exploit was unknown or you were lucky that no one exploited it before.
9- Contact your developer, if any, to conduct a thorough audit of your account and remove any vulnerable scripts.
10- Use SFTP instead of normal FTP to upload files to your account.
11- Keep your antivirus updated and regularly check your computer for malicious iframe code and other viruses.
12- Always download plugins and themes from the author’s website only or from a reliable source. Be careful when downloading from third-party websites. Some bloggers download paid themes for free from rapidshare and other file hosting websites. My suggestion is to use legal themes, as you won’t know what code is inside the theme.
13- Make sure you have set the right permissions for all your directories and especially the .htaccess file. If your .htaccess file is writable, then there is a very good chance that your website will get hacked sooner or later.
Anyone who writes web application code should be familiar with security. I found this book in my local library, particularly on PHP: http://www.oreilly.com/catalog/phpsec/ I recommend it to all. It covers all aspects of vulnerabilities found today in web applications. Found this site as well from the book: http://phpsec.org
14- If your website has been hacked recently, contact us to change your main hosting account's password, and create a ticket for this request.
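The file comparison in step 3 can be scripted instead of done by eye. The following is an added example, not part of the original article: it assumes you have downloaded the current public_html into one folder and kept a known-good local copy in another, and the script name and function names are hypothetical.

```python
"""Added example: compare a downloaded public_html with a clean local copy."""
import hashlib
import os
import sys


def sha256_of(path):
    """Hash a file in chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map every regular file under root (relative path) to its digest."""
    files = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            if os.path.isfile(full):  # skips broken symlinks and devices
                files[os.path.relpath(full, root)] = sha256_of(full)
    return files


def audit(live_root, clean_root):
    """Return files that differ between the live copy and the clean copy."""
    live, clean = snapshot(live_root), snapshot(clean_root)
    return {
        # On the server only: uploaded by someone else or left from an old install.
        "unexpected": sorted(live.keys() - clean.keys()),
        # Same path, different content: possibly altered on the server.
        "modified": sorted(p for p in live.keys() & clean.keys()
                           if live[p] != clean[p]),
        # In your clean copy but gone from the server.
        "missing": sorted(clean.keys() - live.keys()),
    }


if __name__ == "__main__":
    # Assumed usage: python audit.py <downloaded public_html> <clean copy>
    if len(sys.argv) != 3:
        sys.exit("usage: audit.py LIVE_DIR CLEAN_DIR")
    for kind, paths in audit(sys.argv[1], sys.argv[2]).items():
        for rel in paths:
            print(f"{kind}\t{rel}")
```

Files reported as unexpected or modified are the ones to open and review first; folders that legitimately change on the server, such as upload or cache directories, will also appear and need a manual look.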
Have a nice day!
Friday, June 24, 2011