I was fixing my sites from getting hacked for the 4th - 5th time and remembered that I had turned Anonymous FTP on. I feel really stupid asking this, but I could get hacked with anonymous FTP on, right?
yes, your configuration files could have been downloaded by anonymous FTP. Also anonymous FTP allows users to upload malicious files allowing further access to be gained.
Yeah, I thought this was why I was having so much trouble. Didn't remember I had turned it on for a long time. Thanks
That depens, if you lock anonymous ftp to a subdirectory with only read permissions, nothing is wrong. If they can access the entire disk read/write. You are fucked.
Also people scan for anonymous FTP sites to use as "dump sites" for illegal software such as warez or mp3 and then distribute this information over the internet. So you might have also been loosing bandwith here :>
Disable anonymous ftp its good security measure to prevent attack like this, but also check other files for any injection or malwares