all sites hacked

[coldclimber]

I seem to have an issue with my whm.

On all my sistes today there was an iframe that appeared at the bootom of each site, in the code

<iframe src=""></iframe>

Now in the sites there is a folder full of html files showing another website, i can delete the files and then they come back straight away, i can not change permisions, I have tried everything to get rid of them but they keep appearing.

I have changed the ftp passwords, the root password, scanned with clamav, done all the usuall but nothing changes this is one hack i am stummped to fix.

I own the domain coldclimbs.co.uk but it is not hosted anywhere now and i had the account on the server in question, but have since deleted the whole account.

Any help or sugggestions would be usefull.

 

[ruzbehraja]

Did you check the .htaccess files?

They probably have some directives which should not be there.

You should also check the ownership of the folders and files and also check the file permissions.

You may also want to check the current processes running.

 

[brianoz]

It really depends on how the files/folder are getting there; you need to check whether it was ftp or from another source. May be worth hiring an admin if you own the server.

 

[Lenterakecil]

It could be through a theme or a plugin. possible

 

[faisikhan]

Hi

There can be numerous reasons of websites being hacked, the reasons & solutions can be:
1.Make sure all of those sites are up to date with the latest versions, Plugins etc including any modules they use for them.
2. Most of the users don't update when they think their website is working perfectly & do not check for the updates which makes an ease for the hackers to hack the sites.
3. Immediately change FTP password of your effected account/s to a stronger one. Make sure all passwords are mixture of alpha-numeric and not a dictionary word.
4.In your control panel, activate archive option of your web logs in Raw Log Manager, this will give you the opportunity to check how the hacker exploited one of the scripts.
5.Download all your web data locally and scan it using an updated anti-virus software.
6. Beware of 777 permissions, this gives all the rights to everyone.
7. Immediately contact your host for more help & assistance.