schmero...@gmail.com wrote: > One of our client's websites gets hacked frequently - 1x per month - > usually with some kind of phishing scam. >
We've also had some problems lately. After deep investigations we saw that in 100% of the cases there were no break-ins at all. Not in the old fashioned manner anyway. The ftp usernames and passwords were stolen from the client's PC with keylogger or spyware. The hacker could then log in to the ftp account and make changes to the website. To prevent this: Change ftp passwords often and check client PC machines for viruses. Security aware companies will after an incident like this be aware of the risks to use MS Windows to upload their website content. If they can't live with that risk, then they have an option to switch - perhaps only the machines used for ftp transactions. Mikael
