It doesn't work that way. A website is not a "Fridge". It requires updates and care and maintenance.
I would be willing to bet that you really only got hacked once from failure to do a patch or something like that and you just never fixed it correctly. Now they can come and go as they wish.
I have had vBulletin sites for years and only got hacked once many, many years ago when I did not know what I was doing. Keep up to date, be careful with your plug-ins and file permissions and take some precautions and you will be less likely to get hacked.
--------------- Added 09 Sep 2015 at 23:33 ---------------
I would be interested in knowing what version got hacked originally.
--------------- Added 09 Sep 2015 at 23:35 ---------------
Also, what are you talking about "plain text passwords"? Passwords are not stored anywhere as text.
OK, I see you are talking about the file system. Every script I have used, WordPress, Joomla and countless others, has a config file with this information. That file should never be seen by anyone unless using FTP, and if a hacker already is that far then you have already been hacked.
--------------- Added 09 Sep 2015 at 23:36 ---------------
Quote:
Originally Posted by loua_oz
Thank you,
The hacked directory (root and subdirectories) was saved by the provider as soon as I requested them to take down the site (it was displaying the hackers' message and I could not get into admin to shut it down).
Just went in and chmod to 000 what they saved, thanks for that. Poking around the site there is nothing visibly wrong.
If a file or directory is touched, it shows the timestamp that sticks out when the directories are listed.
Several times I saw things like "maill.php" that were inserted without harming the site contents.
Indeed, as I am on the shared server, there could be 100s of sites hosted on one physical machine.
However disciplined I might be, a slacky site owner on the server may invite trouble for all?
Is there some tool to check the database? The cPanel provided by webhostinghub.com has "database repair" and it ran cleanly.
--------------- Added 09 Sep 2015 at 01:16 ---------------
Just remembered. In
./includes/config.php
there is a hardcoded database name and password, in plain sight, unencrypted
// ****** MASTER DATABASE USERNAME & PASSWORD ******
// This is the username and password you use to access MySQL.
// These must be obtained through your webhost.
$config['MasterServer']['username'] = 'dbname_admin';
$config['MasterServer']['password'] = 'unencripted_password';
Is that how it should be? Never seen that in my life.
Nobody should ever be able to see that if your file permissions are correct. If you can see that in plain sight you have a problem with your file permissions. Most files should be at 644.
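
An added example, not part of the thread and not the posters' own code: a POSIX shell audit for the two checks discussed above, files looser than the 644 recommended here and files whose timestamp is later than a known-good reference file. The function names and the sample tree (including its dates) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): permission and timestamp audit of a web root.

# Regular files under $1 that are looser than 0644:
# group/other write, or any execute bit.
files_looser_than_644() {
    find "$1" -type f \( -perm -0020 -o -perm -0002 \
        -o -perm -0100 -o -perm -0010 -o -perm -0001 \) -print | sort
}

# Regular files under $1 modified after reference file $2 (for example a file
# untouched since the last install or upgrade), so later additions stand out.
files_newer_than() {
    find "$1" -type f -newer "$2" -print | sort
}

# Build a small constructed tree to exercise both checks; prints its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/includes"
    for f in index.php includes/config.php includes/functions.php maill.php; do
        echo '<?php // constructed sample' > "$d/$f"
        chmod 644 "$d/$f"
        touch -t 201501010000 "$d/$f"       # constructed "install" date
    done
    chmod 666 "$d/includes/config.php"      # world-writable: should be flagged
    touch -t 201509090100 "$d/maill.php"    # later timestamp: should be flagged
    echo "$d"
}

# Usage: sh audit.sh /path/to/webroot /path/to/reference-file
if [ "$#" -eq 2 ]; then
    echo "Files looser than 0644:"
    files_looser_than_644 "$1"
    echo "Files newer than $2:"
    files_newer_than "$1" "$2"
fi
```

On shared hosting the permission check only covers your own tree; the timestamp check depends on choosing a reference file you know predates the incident.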