DXL - 9:39 am on Jan 20, 2011 (gmt 0)

I wonder just how big this problem is.

I have client sites hacked every so often. If the problem doesn't lie with vulnerabilities by the hosting company, there are really three things that you can do.

1. Change passwords frequently, and come up with passwords that are difficult to crack.

2. If anything on your site uses a database (message board, photo gallery), visit the site of whomever developed the software, and make sure that you have all the latest patches updated.

3. Keep frequent backups of the site, especially databases.

A number of script kiddies simply hear about an easy exploit, and will often Google that version of the software. Once they find it, they attempt to exploit it (MySQL injection, etc).

Otherwise, I just try to keep a close eye on client sites, or check the files in the root folder of their server to see if anything has been modified recently.