My site has been used for Phishing
I have a website that someone has been able to hack and install phishing pages!
I need to set the security to make this impossible. Looking back in the logs I found this code snippet:
"GET /index.php?page=latestnews//conlib/prepend.php3?cfg[path][contenido]=../../../../../../../../../../../../..//proc/self/environ%0000 HTTP/1.1" 200 6578 "-" "<?eval(base64_decode('</p>
After the page=latestnews there is a reference to conlib/prepend?cfg[path][contendido] which appears to install a page on the root directory from which they seem to be able to install phishing sites.
I have several sites on a dedicated FastHosts server but only 1 is being attacked?
Has anyone come across this and can recommend what to do?