This morning I noticed a php script on one of my sites with functionality aimed at cracking passwords, and on two other sites programs containing Trojans. I have of course immediately deleted these files from the public_html folder.
Anyones with a idea about what else I should be looking at to make sure that there are no other damages?
I assume the possibility to upload files must be due to some kind of unsecure form?
Thanks for any help and ideas on how to prevent against this!
These topics are showing up a bit more frequently these days.
It sounds like your server has been compromised. You'll need to lock down the server as there is most likely a hole there. If you are on some sort of commodity hosting plan on a shared IP, I'd be considering a new home.
The possibility to upload files is probably due to an open FTP port and a dictionary attack on the login. That is just one method. If your on a shared hosting plan with thousands of others, there is the probability that many of the others are in the same position as you. :(