Quote:
Originally Posted by f.montoya
Alan T, Molarmite currently has an all access FTP account. However, his most recent infiltration was only to his forum. Being his webhost, I'd like him to follow your advice in getting his machine scanned for any malware/trojan before we go on to the next steps(such as limited FTP accounts for the game only, etc.). His main site has been untouched since the attacks from last month, but that is not to say it is safe.
That said, I continue to see that the hacker is also placing iframes directly into the league reports as well. So I'm afraid that even a restricted FTP account for the game will not stop this cycle.  |
My recommendation is the ftp account/password that is put in the league file does not have access to the folders where the html league reports go. It only has access to ftp to the exports upload directory where the league file also goes.
This means that extra work is required in uploading the league html reports, but in this case where a site is compromised several times, I don't think you really have an option here.