I have a corporate website hosted on Site5. Sometime on Monday, all of our webpages were altered, adding a line that launched a series of windows telling viewers of our site to use System Doctor.
I've changed all our passwords and republished the correct files. I don't know how someone got into our account. My best guess is that the password was somehow harvested from the computer of one of our employees who have the password.
However, I don't know what happened or if we are still vulnerable. I worry that the original security weakness is still there. I also worry that the person who got into our account left behind malicious code or some kind of back door.
Based on a positive mention on this site, I contacted Rack911 about checking our security. I got one reply asking if I had shared hosting. Then Rack911 stopped replying to emails.
Are there any recommendations for firms other than Rack911 that could help us secure our site? Are there any other recommendations for steps I should take after having our site hacked?
I read your post that you need someone to check out the site's security. You're basically at the mercy of your provider (Site5), but if you run any scripts and such, they could be out of date and a possible intrusion point for an attack. Also, if you have any kind of upload script, this can be dangerous.
You can determine versions and some of the settings the main provider uses, but that's about it; it might help, though.
Our site is static, with no PHP and no MySQL. However, 2 years ago it was a scripted site with PHP and MySQL. Although none of our pages use PHP now, there are still some PHP bits installed on our site, such as Pear.
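
An added example, not part of the original posts: one way to check a static site like the one described above for altered pages and leftover server-side files, by comparing a downloaded copy of the web root against the known-good files that were published. The extension and file-name lists, the function names, and the sample trees are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Assumed lists: file types a static site has no reason to serve, and
# per-directory config files that can remap handlers or add redirects.
EXECUTABLE_EXTS = {".php", ".phtml", ".php5", ".phar", ".cgi", ".pl"}
CONFIG_NAMES = {".htaccess", ".user.ini", "php.ini"}

def index_tree(root):
    """Map relative path -> SHA-256 hex digest for every file under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def audit(known_good_root, server_copy_root):
    """Compare a downloaded copy of the web root with the published files."""
    good, live = index_tree(known_good_root), index_tree(server_copy_root)
    report = {"modified": [], "unexpected": [], "executable": []}
    for rel, digest in sorted(live.items()):
        base = os.path.basename(rel).lower()
        if os.path.splitext(base)[1] in EXECUTABLE_EXTS or base in CONFIG_NAMES:
            report["executable"].append(rel)   # should not exist on a static site
        if rel not in good:
            report["unexpected"].append(rel)   # never published by the owner
        elif good[rel] != digest:
            report["modified"].append(rel)     # content differs from the original
    return report

def demo():
    # Constructed sample trees: a clean copy and a copy with one altered
    # page plus leftover PHP and config files.
    tmp = tempfile.mkdtemp()
    trees = {
        "good": {"index.html": "<h1>Home</h1>", "about.html": "<h1>About</h1>"},
        "live": {"index.html": "<h1>Home</h1><!-- constructed extra line -->",
                 "about.html": "<h1>About</h1>",
                 "PEAR/PEAR.php": "<?php // constructed leftover file",
                 "images/.htaccess": "# constructed"},
    }
    for tree, files in trees.items():
        for rel, body in files.items():
            path = os.path.join(tmp, tree, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
    return audit(os.path.join(tmp, "good"), os.path.join(tmp, "live"))
```

Anything listed under `unexpected` or `executable` is a candidate for removal from the server, and anything under `modified` should be replaced from the known-good copy.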