Today 4 of my sites were hacked.
this guy just changed my index file with this mesage
Hacked by GHoST61
i did restored file and chmod 755.
How could he do this?
What did i do wrong?
i really need more information to avoid this to happen again
GHoST61 works in many, many ways. One of his/her methods is looking for folder permissions of 777. Sometimes software installations have you set the folder permissions to 777 in order to get their software to install. What many people fail to do is to set the folder permissions back to 755.
What software do you have installed on your website? Joomla, Wordpress, osCommerce, ZenCart?
These have all been under constant attack so be certain that you're running the most version of any of these as well as updated plugins for these.
Beyond that, change all FTP passwords and run a full system virus scan on all computers, yes Macs too! Sometimes websites are compromised due to stolen FTP credentials. This information is stolen by a virus on a computer that's been used to FTP files to the compromised website.
Please post back with any questions, comments or updates.