Linux server, tight password, no other user access. How do hackers get access to put malicious files on my site?
Fortunately I recognized a file date that wasn't one of my uploads. Didn't get flagged so I guess no harm done but where is the crack they get through?
Go to Solution.
Some possibilities are malware on a computer used to manage the site, vulnerabilities in FTP and/or scripting on the site.
It is a good idea to only FTP over SSH, and don't save the password in your FTP client.
Make sure any software you use is up-to-date. They offer a free malware checker, but an upgraded plan is needed for more indepth scans and malware removal.