incrediBILL - 3:02 am on Jan 16, 2013 (gmt 0)
When you're hacked, blocking IPs is just a temporary crutch to stop a situation like a botnet sending you millions of emails to spam. It does not solve anything, only puts the problem on hold while you find a permanent solution, assuming they don't have multiple ways in and it auto-switches IPs when it notices it loses contact which the more sophisticated may do.
It's what I'd do if I was on shared hosting. If you start now, you could be live and fixed somewhere by tomorrow rather than still figuring this stuff out. In other words - quit trying to figure out the problem and just go directly to the solution.
Like wheel said.
If it we're mine, I'd move to a new server IMMEDIATELY and make sure I have a clean software installation of any scripts I'm using before making it public again.
Mainly because in a ahared server environment you can't be sure if it's the server hacked or just your account and you can't trust server admins to know the difference or even tell the truth about it. I published about a hosting company a couple of years ago with about 50% of their accounts having a virus injector on their home pages, multiple servers, it was a big mess and they were telling individual customers that they needed to change their FTP passwords. Yeah, right.
Anything short of moving to a 100% clean environment is just wasting your time, money, and if ecommerce risking your customers CC numbers and potentially your merchant account.