Powerstore 3 site continually hacked
I have a powerstore 3 site that is continually getting hacked. The images upload folder keeps getting scripts installed into it, the scripts remove all the images that have been uploaded to the folder and it keeps resetting my ftp password.
I have installed the new config file that web assist has provided as the known security patch yet the hack is still happening.
My client is growing tired of this happening and I need someone from Webassist to help look into this with me ASAP.
These are the files that are being inserted:
(130) us7nick, Scanning /home/us7nick/public_html:
# Known exploit = [Fingerprint Match] [PHP Shell Exploit]:
'/home/us7nick/public_html/imagesupload/cms_files/files/Sym.phtml'
# ClamAV detected virus = [PHP.Trojan.C99Shell-2]:
'/home/us7nick/public_html/imagesupload/cms_files/files/c99.phtml'
# Known exploit = [Fingerprint Match] [PHP Exploit]:
'/home/us7nick/public_html/imagesupload/cms_files/files/fst.html'
# Regular expression match = [decode regex: 1]:
'/home/us7nick/public_html/imagesupload/cms_files/files/vaga.phtml'
# (decoded file [depth: 1]) ClamAV detected virus = [PHP.Shell-38]:
'/home/us7nick/public_html/imagesupload/cms_files/files/vaga.phtml'