v3.18 security question

[djf]

Does anybody know if there's any security loopholes with 3.18.

I've been hacked twice and a script (different one each time) put in ALL my index.php files and index and default htm/html files.

My host provider says it's probably a php script vulnerability but that's not an area I know anything about.

The one thing recognisable on the server is that there was a directory called gmav created that nobody at tech support seems to know anything about.

This directory is not present on my other sites server and I've not had any hacking problems on there (fingers crossed).

Any help would be really appreciated and, of course, valuable info for others.

Thanks

David

[Robsta]

Nothing as far as know. What about other scripts installed on the server?

[djf]

Nothing as far as know. What about other scripts installed on the server?

Thanks, gives me confidence it's not cubecart. There's nothing on there except some htm pages and the host provided stats progs. The only other possibility i can think of is someone managed to hack my ftp password and put these weird gmav directories in that automatically chnage all the index files. I've had the provider nuke the site and re-upped everything, changed all the passwords etc. so hopefully this will be the end of it.

[Guest fandango]

Its always a good idea to change your ftp / admin / email passwords regularly anyway and to have a back up copy of the site directories and database.

You can do this easily via Cpanel if you have access to that or your hosting company can do this for you if you ask them.

I recently had all of my sites hacked by a virus on my machine that infiltrated my ftp programme and placed an unescape script on all the pages, what a nightmare it was putting them all right, so now i change passwords and create back ups on a weekly basis.

Also it is essential to have a decent up to date antivirus software installed on your machine.