The steps I have taken, is simply changing my FTP details as the passwords use to be words, now they are uppercase, lowercase and numbers pure gibberish!
Any tips on securing my two (LARGE e-commerce) sites, both of which are in PHP... one is Joomla, and the other is Actintic (Awful system, awful)
Google denied access to one of the two sites, causing us to lose around £800 (aprox $1,240 USD) in sales on Monday. I DO NOT want this to happen again
Any advice would be fantastic.
The files that got attacked were:
all .js files - Had 6 document.write's which embedded two scripts one from recentfeed.com and the other from elperiodic.canal-si.com
some deep .php files - this line that got placed would run the eval(); function, with base64_decode(); from what I believe these files are the source of the attack. The script would inject a line of html (embedded the elperiodic.canal-si.com script) right before the <body> tag on all my pages.
pretty much every planin .html page (most of which are used for blocking access to directories - Joomla's system not my doing!) all had the <script> with the src of elperiodic.canal-si.com
Need any more information, feel free to ask, I may of forgotten something - I'd like to keep the sites that got attack a secret... for security reasons