Website being hacked every few days

An .htaccess modification attack would usually suggest leaked FTP credentials rather than a PHP or scripting vulnerability.

Assuming there is a 'master' FTP log-in for your web space, if the FTP details are leaked they can affect your website as well. Check any computer you or your brother uses to access FTP for trojans or malware. Where possible, use SCP, SFTP or FTPS to connect to your webspace rather than plain FTP; this is especially important if you're not on a trusted computer or trusted network.
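One way to test the leaked-FTP-credentials theory above is to look for `.htaccess` uploads in the FTP transfer log and see which hosts made them. This is an added example, not part of the original posts; it assumes the FTP server writes the common xferlog layout, and the sample lines, account name and addresses are constructed.

```python
# Added example: flag completed FTP uploads of .htaccess in an xferlog-style log.
import posixpath
from collections import defaultdict

# Constructed sample lines (documentation IP ranges, hypothetical account "site1").
SAMPLE_LOG = """\
Mon Jan  6 03:12:44 2014 1 203.0.113.7 412 /home/site1/public_html/.htaccess a _ i r site1 ftp 0 * c
Mon Jan  6 03:12:50 2014 1 203.0.113.7 9120 /home/site1/public_html/index.php a _ i r site1 ftp 0 * c
Mon Jan  6 09:30:02 2014 2 198.51.100.20 5310 /home/site1/public_html/img/logo.png b _ i r site1 ftp 0 * c
Thu Jan  9 03:40:11 2014 1 192.0.2.55 412 /home/site1/public_html/blog/.htaccess a _ i r site1 ftp 0 * c
Thu Jan  9 10:02:19 2014 1 198.51.100.20 388 /home/site1/public_html/.htaccess a _ o r site1 ftp 0 * c
"""


def parse_xferlog(line):
    """Split one xferlog line; the filename may contain spaces, so index from both ends."""
    tokens = line.split()
    if len(tokens) < 18:  # 8 fields before the filename, 9 after it
        return None
    return {
        "time": " ".join(tokens[0:5]),
        "host": tokens[6],
        "path": " ".join(tokens[8:-9]),
        "direction": tokens[-7],  # i = upload, o = download, d = delete
        "user": tokens[-5],
        "complete": tokens[-1] == "c",
    }


def htaccess_uploads(log_text):
    """Return records for completed uploads whose target file is named .htaccess."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_xferlog(line)
        if rec and rec["direction"] == "i" and rec["complete"] \
                and posixpath.basename(rec["path"]).lower() == ".htaccess":
            hits.append(rec)
    return hits


def hosts_per_account(hits):
    """Group uploading hosts by FTP account; unfamiliar hosts point to leaked credentials."""
    by_user = defaultdict(set)
    for rec in hits:
        by_user[rec["user"]].add(rec["host"])
    return {user: sorted(hosts) for user, hosts in by_user.items()}


if __name__ == "__main__":
    for rec in htaccess_uploads(SAMPLE_LOG):
        print(rec["time"], rec["user"], rec["host"], rec["path"])
```

If the hosts listed for an account are not ones you or your brother connect from, change the FTP password from a clean machine before restoring the file.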
 
How obvious are the vulnerabilities you're scanning for? Doing this for a decent number of files would be computationally expensive. Are you just testing for bad use of $_POST/$_GET variables or is it cleverer than that?

SQLmap is a good tool for testing for SQL injection related vulnerabilities.

It's more advanced than that; there's some fairly cute scripting we've written internally to do it. We are reluctant to share at the moment. There's a school of thought that open sourcing it to the community would mean we could improve and pick up more, and the opposing view is that by keeping it internal we still pick up a lot and attempting to find how it works and how best to circumvent it isn't worth hackers' time. To date the latter view wins out.

It is substantial work, but it's made easier as our sites sit on SAN storage which can be accessed by dedicated scanning machines. Our recorded compromises have plunged since we implemented it, but related support load has gone up a shade. It's not been a substantial saving (though it is a slight one according to our best figures), but factoring in customer experience seems to make it worthwhile.

We are talking in the region of 60k+ sites on that platform though, so economies of scale apply.
 