2013-01-25, 08:38 AM
I think I know the 'how'.
I peeked at all the ways to access the backend that I could find, unfortunately an ftp account I had for Tom so he could update his own hguols domain appears to be the culprit. It last logged in at the exact time all those new htaccess and default.php files were added to the sites (which was the cause). So I dont know if someone used his credentials to load us up with all that malware or if a java plugin he installed for his music player gave someone access on that day, either way though, I have removed that access and hopefully any further issues.
I hope everything is gtg now, I appreciate your guys help and patience. Special thanks to holy for visiting so often, if you hadn't OP'd on the date everything went awry, I probably never would have made the connection to the problem! (I am just teasing you HD)
I peeked at all the ways to access the backend that I could find, unfortunately an ftp account I had for Tom so he could update his own hguols domain appears to be the culprit. It last logged in at the exact time all those new htaccess and default.php files were added to the sites (which was the cause). So I dont know if someone used his credentials to load us up with all that malware or if a java plugin he installed for his music player gave someone access on that day, either way though, I have removed that access and hopefully any further issues.
I hope everything is gtg now, I appreciate your guys help and patience. Special thanks to holy for visiting so often, if you hadn't OP'd on the date everything went awry, I probably never would have made the connection to the problem! (I am just teasing you HD)
- Todd DuFore (DMPDesign)
Site Founder
Site Founder