Just try and check your logs. If you can't find them or if you don't have them ask your webhoster for help or just replace your scripts for a while. If they can hack it so far, the might hack you introuble even more so your site will be used for illegal transportation of files, you'd never know untill you get a bandwith bill.
for files in /usr/local/apache/domlogs/*; do grep "wget" $files; done;
DO you have an old kernel?
Depending on your linux skills, i suggest hiring some help there are many people here that can help. theres easyservermanagement.com, serveradmins.biz, linux-tech.net, wemanageservers.com, etc.
Steven Ciaburri | Industry's Best Server Management- Rack911.com
Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance
1) check kernel version (should be at least 2.4.25)
2) check for problematic cgi/php scripts, mostly look for dangerous functions / places where you don't validate the information you get as an input from the browser
3) have an up to date web server
4) check that you don't have ports that are opened with no use on your server.
5) check for known security problems on other services as well.
If it's just YOUR specific site that keeps getting hacked, it's most likely none of the above. Those would indicate the server itself being hacked, not your specific site.
Steps to stop something like this are rather simple:
A> Change your password and give it out to NOBODY
B> Remove all scripts that you didn't specifically write. Most likely these are the cause of your hack. If you can't remove, then at least verify that they're secure. Most aren't.
C> Change your public_html permissions so that only YOU can write to this folder, not nobody, not your group.
D> Change your index_html so that only YOU can write to this file, not nobody, not your group.
If you're running a bulletin board, then this most likely needs to be updated as well.
WHMCS Guru - WHMCS addons, management, support and more. WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
Always looking for Linux, WHMCS, Support Desk work. PM for details