At first attack mostly only a redirecting code was inserted into any index.* file. Bigger files had this hacker's code inserted within their content and the rest of their original code was gone.
Today one of my websites a hacker "visited" again. The only manipulated file was the cmsimple/config.php. It was replaced with some Arabic static webpage. There was no damage to the page itself, only the config was rewritten.
Now:
1. I have a static IP defined in my FTP account
2. All previous passwords are changed
3. All index.* files are CHMODED to 444
4. The website is built on CMSimple 3.2
5. There is the .htaccess file in the /cmsimple DIR:
Code: Select all
order deny,allow
deny from all
What else to do to avoid these suprises?