I've checked the access logs and users are getting into the site from one .php page...any help or tips guys?
At the recovery time after hack you need stop web-server. If you already know how the intruder entered to the server you need correct this error in the code. Depending on the type of hack you should. Also check server presence of php-shells, trojan horses and etc. In general, make integrity check of your code and server as a whole.
If you're hosting your site on a (not very secure) shared server, a script kiddie may be using a Perl/PHP shell script to access your files from another site located on the same server - this is the most common senario.
If they are getting your site from that one .php pages, make sure its secured to prevent XSS and cross-site scripting attacks.
Ok cool, not sure what that is though. I've got the access logs from the server infront of me, how do I determine successful accesses where do I look?