I’ve been hacked again. I mean I was, at the beginning of July. Fixed that now.
What I really think that happened is that I never fully cleared the offending files/users/things last time, so evil spirits lingered in the dark. I even found a crazy admin user on my WP, which of course, I never created. Now:
I have a constant fear that something’s always there
I don’t really know what happened, I thought I took good care of security. I suspect it came from an old, not updated, insecure install on a domain I am hosting for a friend (never more, like Edgar’s Crow (or Raven (I know))).
The crazy thing about it is that it is in another domain, how is it possible that, through one install, these crackers can gain access to the whole of the user’s folder and hack other domains? Or is it even multi-user? I understand that if someone gains access to my ftp user, they can edit everything under that user, all my folders, but through wordpress -without ftp? How can they do it? Or did they get access to my ftp credentials too? How?
More security measures are in place now, I just wish we were all friends and not hack one another though =(.