Every few days he edits all the .html files in my FTP and on the bottom of every page adds an iFrame code segment that makes the page redirect to one of his pages with an image and a suspicious VB script running in the background. It's clear by where the code is in the file(at the very bottom) and the indentations that he's inserting the code into my .html files somehow.
Here's the thing, everyone I ask says he's most likely doing it via MySQL injections, but the only MySQL on my website is used for my forums, who have so far been untouched by the hacker. My forums are currently using phpbb 2.0.22 and a MySQL database. Could he somehow be accessing the .html files in my FTP by going through the forums? But if he's doing that why wouldn't he mess with the forums as well? Also, I really don't think he has my username/password for the FTP because if he did he would be doing more than just adding lines of code wouldn't he? And as I said, the code he adds is always at the very bottom of the page with a few indentations on every page which strongly indicates some sort of external injections.
So basically what I'm asking is if you guys could visit gameinfinite.com, see if you see some sort of security hole or something I should add for security or if you have ANY ideas of how he could be doing this and how it could be stopped I'd be very, very grateful. Thank you very much to anyone who helps!
This post has been edited by Emper0r: 28 September 2007 - 02:04 PM