Depending on the web hosting service you use, your password at your control panel could have been compromised. Don't leave your passwords at defaults as other users on the web hosting service already know how to connect already. Report the perp's site to your web hosting provider.
Use a unique structure in your web content area. If you feel that you are being exploited through MySQL or PHP code, then make sure you change the names of your files. i.e. I was getting constantly harassed and had to change the name of my admincp.html and put a blank admincp.html file its place. In fact, maybe not a bad idea to put empty folders and files at the previously exploited locations.
Unfortunately it is possible to leave cookies in your MySQL database, or in your php files. Look for modification dates that correlate with the hacking activity. I had this - and used this as a guide as to where to put the blank/bogus files.
|