Like many others here, my web site appears to have been hacked. I got the common folders of porno, frames added to .htm files, etc.

I've cleaned up my site as best as I know how (it's not very big), changed my account password, and yet the site continues to be hacked.

I'm missing something.

I read the security thread that Mitch has pointed several other people to. I see the following list of files/folders that should be present on new accounts:

/etc
/mail
/public_html
/public_html/cgi-bin
/public_html/.htaccess
/public_ftp
/tmp
/www
/.lastlogin
/.contactemail

and possibly:

/.fantasicodata
/.cpanel
/.cpanel-datastore
/.htpasswd

I have all of those, with the following in addition. I would like to have someone confirm that if any of the following folders/files are something that I don't recognize, that it would be safe to delete.

/.spamassassin
/.sqmaildata
/.trash
/.access-logs
/.logs
/MM-CASETEST4291
.contactmail
.cpanel-ducache
.ftpquota
.htaccess
.spamassassinenable
n.sql

I'm thinking some of these could be legitimate and I don't want to just delete them without knowing what they are.

I am using Dreamweaver for my site, so that one file is probably OK then?

My PC got hit with some nasty malware a couple months back... I have long since eradicated it from my PC. However, during the time I was infected (probably before I realized it) I most likely uploaded infected files to my web site. Google was kind enough to alert me that my site was not meeting their standards. As I stated, I found numerous infections on my site which I cleaned up. However, even though I've changed my account password, specific things that I know I've fixed keep returning-- things like inserted frames in htm files.

I'm thinking there is a back door that is still open somewhere on my site, and I'm trying to get help in locating it.

Mitch,

Thanks for the advice. I scan daily with AVG and Spybot... no infections reported going on several months now.

I also have other web sites hosted with Lunarpages that I update on a daily basis that are all just fine. The site in question is a small, basically static site that isn't updated at all (unless an error is discovered or something). Furthermore, I use my PC basically 10 hours/day at work, and I haven't had anything weird going on since that infection several months ago. So I'm pretty confident that my PC is clean.

So what happens is I find an infection, say an inserted frame. I delete the frame. The site displays as it should. I don't touch the site for a week or so. Then I visit the site and notice that there is a whitespace border along the top (which I have since learned is an indication that a frame has been inserted). I check the htm file in question... sure enough-- frame inserted. I have repeated this cycle several times now.

Pretty certain mines been hacked as well, and it all started last week when I tried to upload a new template from wordpress......it's been nothing but a headache ever since. Now everything I have hosted here on the servers is not showing when clicking links. No forum, no blog, and no homepage, nothing but a google search page.

Can't even get a redirect done the way I want it to make a simple blogspot into my homepage. Beginning to wish I had never renewed for another year just last month and saved myself some funds.

Can blame myself a lot I guess for biting off more than I know how to do, but the first year was trouble free.  Next year I'll just stick with buying the domains from google apps and using blogspot for it all. So much easier for someone like myself with limited knowledge.