Code Injection Attempts linked to FTP?

Thanks, guys, for the replies and helpful information.

I only ever log in from my own computer, which is a PC not a laptop and therefore only connects through my own ethernet modem and never a public wi-fi. It is not - and never has been - on any kind of network.

Thanks. That’s helpful and fairly reassuring.

Oh dear - I confess I’d never thought of that, although now it seems pretty obvious. :blush:

I am.

Well, I’ve just had a wee panic and looked at the database and the config file. The MySQL username is the same as the database name and the password is pretty strong and is not the same as the main account password. As these are the default settings, I can only assume Lazarus is brighter than I am!

Thank you. I’ll remember that in future.

Again, that’s something I hadn’t thought about, although it’s not a problem here. All admin e-mails for my various domains are sent to an e-mail address which is not associated with any of them.

That has been concerning me, too. As I say, the sites were hacked over a period of about a month. I was away for some of this time, or I might have picked up on it sooner. As soon as I discovered the problem, I changed all the passwords for all my sites (not just those that were hacked) and haven’t had any further problems. The passwords were all strong - mixed case, letters and numbers - and since I changed them, they now contain symbols, too. I never re-use old passwords and each account has a different password.

If I log into my cPanel using mydomain/cpanel, as advised by the hosting company, it resolves to port 2082, which is not secure. I hadn’t noticed this at first (oops again :blush:), but since the hacks I’ve been very careful to log in using mydomain:2083, which uses https.

Thanks again for the reassurance. I know I’ve been getting paranoid.

Until recently, I had no idea such forums even existed. What a sheltered life I’ve led!

Since I started this thread, there have been another 34 attempts, much the same as before although from different IPs/countries. (Again, nothing targeting my other Lazarus guest book.) I find this really bizarre, not least because the site in question is a small local business, with only a handful of visitors per day and a couple of dozen inlinks, so I’m amazed that anybody has found it. The guestbook wasn’t on it when it was hacked.

Thanks again for the replies.

Code injection vulnerabilities are not easy to trace down. There could be a number of ways that such vulnerabilities can come about, many of which you ruled out. It is futile to speculate whether malware on your PC is the culprit or not. If you are in the Web business, you need to have SFTP, period. If your host does not allow it (it is beyond me why not), change it. Switch to another hosting company that only allows secure FTP. Even that does not guarantee anything. But it could point the blame finger only in one direction.

I also can’t understand why they won’t allow secure FTP. I have already moved some sites to another host, but I can’t afford to move them all at once. I’ve found several hosting companies that allow secure FTP, but none that only allow secure FTP.

All my sites are very small, which is why they’re on shared hosting. This one has fewer than 200 visitors per month.

I use a VPS - then I can set up and/or install whatever I want on there. I rarely use FTP now anyway, I’m usually logging in via SSH and rolling things out from SVN directly.