got hacked ... and then ..

setting up a store, noticed this weekend while I was out of town the site was hacked. I deleted the site, restored from back up, changed passwords, changed admin page name etc. I also went through my log files and blocked the ips of the would be hackers. Asides from .htaccess what esle can I do to stop this kinda stuff



thanks





69.162.99.144 - - [20/Sep/2010:00:52:24 -0700] “GET www.***.com/w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1” 400 299 “-” “-”

207.46.195.228 - - [20/Sep/2010:09:05:26 -0700] "GET ***.com/robots.txt

What you posted is just a typical scan and those will happen daily . Do you have any proof that your site was actually hacked?

[quote name=‘S-Combs’]What you posted is just a typical scan and those will happen daily . Do you have any proof that your site was actually hacked?[/QUOTE]





yea the attacker updated and added files to a few of the cs-cart directories and I received a malware warning from my browser that data was being served from known malware Russian sites… Unfortunately I share access with the client who has been updating the site and isn’t net savvy.



The site is hosted on a shared server, and I’m not a big fan of godaddy as they don’t allow full log access.

Your site didn’t get hacked. Most likely your local computer has a virus and someone has sniffed (stolen) your FTP passwords. Scan your computer using several programs and change all FTP passwords. I recently had this happen.



Take a look at



[URL]http://badwarebusters.org/main/itemview/12379[/URL]



[URL]http://forums.digitalpoint.com/showthread.php?t=1699239[/URL]



[URL]http://www.scammeralert.info/website-hacked-attack-by-iframe-and-index-php-gifimg-php-base64_decode/[/URL]

[quote name=‘Triplets’]Your site didn’t get hacked. Most likely your local computer has a virus and someone has sniffed (stolen) your FTP passwords. Scan your computer using several programs and change all FTP passwords. I recently had this happen.



Take a look at



[URL]http://badwarebusters.org/main/itemview/12379[/URL]



[URL]http://forums.digitalpoint.com/showthread.php?t=1699239[/URL]



[URL]http://www.scammeralert.info/website-hacked-attack-by-iframe-and-index-php-gifimg-php-base64_decode/[/URL][/QUOTE]



this is useful information, I’ve switched to using ssh as my transfer protocol. in addition to everything else.