Pro Install Continually Hacked

[Cobla]

One of my Pro installs (v2 of course) is being hacked on a daily basis and I'm getting sick of re-installing every single morning so here I am!

The hack in question seems to just be inserting bad code into index.php however because this bad code is neither IonCube or Zend encoded Snippetmaster returns with the message "index.php is corrupted" and I have to re-install.

I got in touch with my web host who informed me to reduce file permissions (index.php is already 644 anyway!) and to remove / repair the PHP code that is allowing the hacks to take place.

"Fixing" SnippetMaster is way out of my scope (even if the PHP files weren't encoded) so I really don't know what to do, other than change web host of course...

Any ideas?

Thanks!!

[Jenkinhill]

How is this "hacking" taking place? Does someone else have admin/super access to SnippetMaster so they can edit whole files? Or ftp access to the server? Access via server control panel? First step when something like this happens is to change all passwords. Then look for other scripts on your own site which could be hacked or provide access for hackers, such as old forum programs - or even on the server if you are on a poorly configured shared host.  In any case, it may be useful to check the server logs carefully to see when/if there are accesses other than your own to the SnippetMaster directory.

If I were a hacker of SnippetMaster I would not be interested in altering index.php - I'd be putting advertising on your web pages!

The index file does not need to be writable at all, and chmod to 444 may work for you.

[Cobla]

Thanks for the advice - much appreciated!

The attacks on the site were originally thought to be via old PHP scripts (that's what the web host said at least). On closer inspection however, it was actually by FTP so I've changed all my passwords and *fingers corssed* won't have any more dramas.

Thanks again.

Colby