#1. Immediately change FTP password of your effected account to a stronger one. Make sure all passwords are mix of alpha-numeric and not a dictionary word. Just because you thought of a difficult word from dictionary does not make you safe.
#2. First thing you need to do is check all vendor/developer sites for ALL web scripts/applications used in your account for any update including any mod you may be using in any web application. If you are using any open source web application, that may be the prime suspect. However, you must check all and keep them upto date. Check the database on www.secunia.com for any known exploits released in public.
#3. Once you have verified that 100% of scripts are latest stable, you will need to go through all files of your account and make sure none is uploaded by hackers before you audited or left by you from an old install of an application. There may be files in folders you would never imagine. You can use ftp or cpanel file manager to go through all files under public_html and compare them with your local copy. [You should always maintain a local copy for this comparison as well as backup]
#4. The MySQL database access to all web application should be using separate db users. Do not ever use your main account user/pass for it. Your main user/pass should never be stored in any file in your account.
#5. In your control panel, activate archive option of your web logs in Raw Log Manager. This will give you the opportunity to check how the hacker exploited one of the scripts. Otherwise all raw logs are cleared after generating stats. If you have already been hacked, its too late now but you can archive the logs for future attacks.
#6. If you have customized a web application with a mod, make sure it is also latest stable. Many popular web application may be stable but one of the addon mods are exploitable, which may not be maintained any more.
#7. If you have written some code yourself, make sure all input variables are sanitised (checked for valid data before using it). Otherwise a single line of bad code can give access to your entire account. The usual blunder is to include a file based on user input. Again, make sure all input to a script is checked for valid data. All exploits are based on input data. If your site does not take any input, you are 100% safe from web exploits, i.e. if you run 100% static html site with no script whatsoever anywhere in your account.
#8. If your site has been running fine for years, it does not mean there were no security holes in it. It actually means that exploit was unknown or you were lucky that no one exploited it before.
#9. Contact your developer to conduct a thorough audit of your account to remove any vulnerable scripts.
#10. Use SFTP instead of normal FTP to upload files to your account.
#11. Keep your antivirus updated and regularly check your computer for malicious iframe codes and other viruses.
#12. Always download plugins and theme from the author’s website only or from the reliable source. Be careful while downloading from third party website. I see some bloggers downloading paid themes from rapidshare and other file hosting websites for free. My suggestion is to use legal theme as you won’t know the codes inside the theme.
Exclusive tips by SACHIN RAUT