Recovering from a Hacked site
Thanks for reporting back what happened.
It's a good idea to change all passwords (local and remote), wipe the site of all files, and re-upload from backups. Often hackers will leave hidden files behind to make it easier to get back in.
Make sure that you have different passwords for every site or the attack can easily spread. If the password is easy for you to remember, it's likely not strong enough. Using a tool like RoboForm makes it easy to use very strong passwords that are unique for every site and function.
This underscores the need to be able to quickly restore a site by firing up your favorite FTP program, select all, and putting a fresh copy of your site on the web server. It is very tedious to have to go through every file looking for hacker damage.
Many attacks start with the local computer. Once they get in, it's not that hard to recover your FTP passwords, and have their way with your sites. Gone are the days when you can "clean" an infected computer. It pretty much demands a disk wipe and re-installing the OS.
My server gets an average of 3 or 4 attempted break-ins a day. My banned ip list is getting rather large. :)
