It was a relatively benign attack (I think) but to the "average" user seeing this could shatter their trust. What happened was that the default page is set to index.html > index.php. I had renamed the html page so the php would display.
This is what I think has happened. I had been doing some jobs on scriptlance. I basically do most of the work on my host account as a demonstration before I transfer it over, and someone decided to go into one of the forms I had done and create an index.html file.
I'm trying to remember the various projects I've done.... I don't really recall writing a form handler to do any shellexec commands. I would think that would be a requirement to do this sort of attack, right?
I'm pretty diligent about cleaning post data for DB insertion, but I really didn't see this coming. This attack can only be done if I do an exec call of some kind with the form data, right?
Or....if I have given others write permission to the directory anyone could insert the file. Ah.... that is probably what happened. But my previous question still stands as I thought my forms were "secure."
This current front page thread has some useful information about server security:
[webmasterworld.com...]
Maybe you can find some hints there...
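As an added example (not part of the thread or written by its posters), the following shell functions audit a web root for the two conditions raised in the first post: directories that anyone on the host can write to, and an index.html sitting beside an index.php where the default page order is index.html before index.php. The function names and the web root path passed on the command line are assumptions for this example.

```shell
#!/bin/sh
# Added example: audit a web root for the two conditions discussed above.
# Function names are hypothetical; pass your own web root as the argument.

# Print every directory under $1 whose mode has the "other write" bit set,
# meaning any local account on the host can create files in it.
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print
}

# Print every index.html that shares a directory with an index.php.
# With a default page order of index.html before index.php, that file
# is what visitors see instead of the PHP page.
shadowed_indexes() {
    find "$1" -type f -name index.php -print | while IFS= read -r php; do
        dir=$(dirname "$php")
        if [ -f "$dir/index.html" ]; then
            printf '%s\n' "$dir/index.html"
        fi
    done
}

# Report both findings, with owner and modification time of each
# shadowing file so it can be matched against upload and access logs.
audit_webroot() {
    echo "World-writable directories:"
    world_writable_dirs "$1"
    echo "index.html files shadowing index.php:"
    shadowed_indexes "$1" | while IFS= read -r f; do
        ls -ln "$f"
    done
}

# Run the audit only when a web root is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

A directory reported by both checks is the likeliest place for a planted index.html; tightening it to 755 (or 750) and owning it by the account that deploys the site removes the write path that needs no form handler at all.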