I worked on this site awhile ago for a client, but it was never completed (because of issues with the client).... anyway...it was hacked because of pages that were never password protected. Hackers uploaded spamming scripts, phishing pages, and more. For the client, I deleted all that stuff and password protected everything (I think), but different things keep being uploaded.... Can anybody try to hack the site and tell me what to do differently??? http://coolwaterpictures.com/ This folder is where the stuff is being uploaded: http://coolwaterpictures.com/gallery/gallery1 Thanks!
Since you coded it, do you remember, anywhere you added support for uploadig files ? If yes, then did you keep check on mime type of the files being uplaoded ? Or, do you think the admin panel (if there is one) is seure eough in authentication? regards
Check on the upload part make sure no executables are being uploaded. If you sure your script is safe, ask your host or your sysad.