Hi, I have a website that keeps getting hacked allowing them to upload a phishing website and i was after some advice on how to stop it.
The site is a dynamic website and after reading a guide i have added some code to the htaccess file to stop any requests for pages with http:// etc in. I was also going to change the chmod settings to stop access to certain directories.
So, I was wondering what should I be setting the chmod settings too? and is there anything else i can do to reduce the risk of this happening again.
I have a folder for the main site pages etc, a userfiles folder where images etc can be uploaded too and then several different scripts type folders. I imagine the userfiles folder would need to be left with unrestricted access but im unsure about the rest.
Any help would be great!