rowls1000 — 2011-09-20T16:27:03-04:00 — #1
i have a server for my website through 123 - approx weeks ago it was hacked and all the ftp files where lost but not the data files - the site has ecommerce zencart system on it aswell and we could not log into that either - my web designer uploaded the site again and changed all passwords etc like 123 said to do. Its bben fine for 4 weeks now but again we can not log in to the admin on zen cart and some of the web site text has been wiped off again - 123 says it nothing to them - my web site designer says the same - arrggggg
jeffwalden — 2011-09-20T22:09:42-04:00 — #2
Well, you really do need to find the source of the intrusion. It's possible, but not always easy. A log file is probably going to be your best bet. The software you're running on the server could have been susceptible to an attack, such as SQL injection. It's really far more common than most people think. Alternatively, but less likely, the intrusion could have come in from the network level.
I would start by checking the FTP logs. Given that those were the only files to go and the database was left in-tact, there's a good change your FTP access was compromised. Even if you change the FTP passwords and the system is vulnerable, the hacker could find the FTP credentials and simply start all over again.
doug_g — 2011-09-21T00:11:03-04:00 — #3
Another thought, scan your workstation and any other workstation that may have used a ftp client to your site. Some malware steals ftp passwords from client programs like filezilla then days or weeks later the bad guys use the stolen ftp password to hack your web server.
technobear — 2011-09-21T09:20:07-04:00 — #4
If by 123 you mean 123-reg.co.uk, then they have a facility to lock the ftp access. You need to do this via your control panel. You still need to work out how the hack occurred, but that should give you a little extra protection.