site hacked - links added

Discussion in 'Security' started by shubhangid, May 12, 2010.

  1. #1
    Hello, last week my site was hacked. And 2 days back some adult link was added at the bottom of the site. What should I do for security purposes? Please suggest as early as possible.
     
    shubhangid, May 12, 2010
  2. mikeasro

    #2
    Is it WordPress by any chance?
     
    mikeasro, May 13, 2010
  3. WeWatch

    #3
    Many websites are hacked by using stolen FTP login credentials (username and password).

    These login credentials are stolen by a virus on a PC that has FTP access to the infected website. The virus works in a variety of ways.

    The two most common are: stealing the information from a plain text file and "sniffing" the FTP traffic.

    First, many free FTP programs like FileZilla store the saved credentials in a plain text file on the PC. If you're using FileZilla on Windows XP, look in: C:\Documents and Settings\(user)\Application Data\FileZilla\sitemanager.xml (user could be administrator or whatever user you sign in as).

    In there you'll see each of the sites with the username and password stored in plain text. The virus finds this file, reads it and sends the information to a server which then logs in to each site, downloads files, infects them and uploads them back to the website. Many of them also then monitor the website to see if the infection is still there. If it's been removed, it tries logging in again using the same valid credentials and re-infecting the website.

    This server oftentimes also puts various "back-doors" on the website so it can re-infect the website after the passwords have been changed. These back-doors are usually .php files that include the string: eval(base64_decode(... but there are many others as well.

    The second method, where the virus "sniffs" the FTP traffic, is also commonly used. Since FTP transmits all data in plain text, including username and password, it's easy for the virus to see and steal the credentials this way as well. I have a YouTube video showing this: http://www.youtube.com/watch?v=oYI1kssrrbc

    What can be done?

    First, I would switch from using a free FTP program to using WS_FTP by Ipswitch. I wish I could send everyone to an affiliate link, but I can't. But I do like their product because it does save the login credentials, but they're encrypted, which makes it more difficult (not impossible) for the hackers to use this information.

    I would also see if your hosting provider supports SFTP or FTPS. These two protocols are encrypted so they can't be easily sniffed.

    Of course, the hardest part about this whole scenario is convincing people that they have a virus. Everyone always says, "I use XYZ anti-virus so I know I don't have a virus." However, these viruses learn how to evade detection, so oftentimes a different anti-virus program is needed in order to find and remove the virus.

    Many have had good success with Avast, Kaspersky or Vipre.

    This is just my experience but I have cleaned over 20,000 websites - and counting.
     
    WeWatch, May 13, 2010
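
The back-door check described in post #3, as an added example that is not part of the original thread: a Python scanner that walks a downloaded copy of the site and reports PHP files containing eval(base64_decode(. It goes slightly beyond the quoted string by also matching when the call passes through wrapper functions such as gzinflate or is split across lines. The function names, file names and sample contents are constructed for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

# eval( reaching base64_decode( directly or through up to three wrapper calls
# (e.g. gzinflate, str_rot13); case and whitespace, newlines included, ignored.
PATTERN = re.compile(
    rb"\beval\s*\(\s*(?:@?\w+\s*\(\s*){0,3}base64_decode\s*\(", re.IGNORECASE)
PHP_EXTENSIONS = {".php", ".php5", ".phtml", ".inc"}
# Constructed sample files for the demo run; the encoded strings are placeholders.
SAMPLES = {
    "index.php": "<?php echo 'hello'; ?>\n",
    "cache.php": "<?php\n eval ( base64_decode('ZWNobyAxOw==')); ?>\n",
    "img/thumb.php": "<?php @EVAL(gzinflate(\nbase64_decode('AAAA'))); ?>\n",
    "notes.txt": "eval(base64_decode( appears here in a text note only\n",
}


def scan_webroot(root):
    """Return {relative_path: [(line_number, snippet), ...]} for PHP files."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in PHP_EXTENSIONS:
            data = path.read_bytes()
            hits = [(data.count(b"\n", 0, m.start()) + 1,
                     data[m.start():m.start() + 60].decode("latin-1"))
                    for m in PATTERN.finditer(data)]
            if hits:
                findings[path.relative_to(root).as_posix()] = hits
    return findings


def write_samples(root):
    """Create the constructed SAMPLES under root and return root."""
    for rel, body in SAMPLES.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)
    return root


if __name__ == "__main__":
    # With a path argument, scan that directory; otherwise scan the samples.
    target = sys.argv[1] if len(sys.argv) > 1 else write_samples(tempfile.mkdtemp())
    for rel, hits in sorted(scan_webroot(target).items()):
        for number, snippet in hits:
            print(f"{rel}:{number}: {snippet!r}")
```

A clean result only means this one pattern is absent; as the post says, there are many other back-door forms.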
  4. shubhangid

    #4
    Thanks a lot. Some hosting providers provide code for tracking hacking, so is that secure?
     
    shubhangid, May 13, 2010
  5. WeWatch

    #5
    It's after-the-fact security. In other words, they'll tell you when your site is hacked.
     
    WeWatch, May 13, 2010