I have a server with serverprono that was just compromised last week.
When I found out about it from my client, I went to see what had happened.
They first made a dir /.secure/form.html
and the form.htm was a page they made from bank of america trying to collect cc info.
I deleted that dir etc. and then I shut down the ftp account for this site.
My server was unplugged at this point for aup violation and was told I needed to contact abuse threw email. They are telling me they will plug it back in and give me 24hrs to fix the problem.
What do you guys sugest at this time.
The clients password was a weak 6 letter common word
could this been the problem?