Does the account host any open source software? In 99% of the cases, the hacker is able to get a hold of the account by using open source software such as Joomla, wordpress, etc. that is out dated. Or, the customer is using some custom modifications which are not written properly and allow the hacker to exploit the software. In any case, the issue is caused directly as a result of the php scripts allowing the hacker to gain access to the account. What we recommend to our users at that point is to completely remove the account and recreate. Then, reload the latest software, do not use mods that you don't know about and make sure to not install any software that you are not using.
The response from the webmaster in regards to mod_php or php permissions being too open don't apply as we run PHP as CGI and permissions above 755 will not work
Users browsing this forum: Baidu [Spider], Bing [Bot], Yahoo [Bot] and 3 guests