Security problem - repeated hacking
Hi there,
I'm using Power CMS (I think 1.02) on a client site.
Today is the third day in a row we've been hacked with exactly the same exploit.
We've spoken to server support (InMotion Hosting) and have changed file permissions to lock them.
But somehow the hack keeps happening. They're deleting all the files and creating their own files which include something called "egy_spider" exploit. I don't know if that's related to the vulnerability their exploiting or if it's simply the exploit they're pursuing, but I am attaching that file as a zipped PDF with this post, in case it's useful for reference.
Anyway, InMotion hosting has told us that they believe it's a vulnerability in the CMS that's allowing a PHP injection.
I've browsed the forum and the only related post I can find is about the security issue - server asset folder (showthread.php?t=22506).
I've applied that fix, but am wondering if there's something else I should be doing to secure the installation.
Please help if you can.
Cheers,
Jade