Site hacked again 4 years later. I need some advice.
So about 4 years ago I asked this question. Nothing much happened to my site then other than an index.html file was created which defaced my site.
Then today I get a not-too-official email from PayPal telling me my site has been compromised. The email looked weird and had a URL in it within my site. I open a new tab, hand-type the URL, and it exists.
I ssh into my site and ls -alt to find the most recent changes. I had not done anything in 2008, so it was really obvious what was new and modified. So I clean up the mess and change login info.
I renamed and moved the new files so I could look at them, and find r57shell was used. Mail logs have tons of outgoing.
The oldest file that was changed was from end of Jan 08. My logs only go back to mid-March, so I cannot see what got through. I had changed my old code to ignore variables with www or http. I do have awstats, which I perused through pages/URLs to see if anything in Jan stuck out. Nothing did.
I'm going to redo the site completely, but I wonder how they got in.
And PayPal/eBay asked me to help by giving them any logs that might help them.
posted by petethered at 9:28 PM on May 5, 2008