Well i do need to upload .php files myself but maybe blocking certain folders would be helpful.
I think an email alert would be perfect as if i notice anything i had not uploaded or anyone else had not uploaded that was working on the site - i know straight away that the security has been compromised.
I have been working on a update for my site and there are many folders and files - it would be a mammoth tast to manually check these every day. Although the security hole has now been patched there are always new scripts, etc that may offer similar opertunitys in the future.
What worries me is that the file they uploaded went several months before being spotted and it was designed to get server access (passwords to just about anything).
So someone else has had access to my server for the last few months using it for something and i don't know what.
The only reason it was spotted is because Google has penalised my site and i had to look into why. It is likely because they did something Google did not like that i was unaware of.
I now have the hassle of checking every file on my server to see if anything else was placed & going through the process of a Google re-inclusion request, etc.
I knew while working on the update that there may be some security holes but was not too concerned as i had everything backed up - never thought it might lead to a Google penalisation.
Now at the last stages of the update - my traffic is low and it is a real downer.
I want to make sure the site is secure as can be so that if i can convince Google the site is now clean the problem will not happen again.
I would have though an email alert from certain file types would be a good thing and something others might have thought of in the past and perhaps there was a simple way of setting apache for this.
I am surpised that not many people have responded to this question as i am sure it is something that everyone would benefit from.