[TA]

I just stumbled onto this thread. We were attacked on 10/8/08 by this same hacker. We noticed the insecure warning from IE. That was our first clue. I got on the phone right away with our server host and once I determined that files were changed, I closed down the web-site. Our host uploaded backup files to replace any that were changed, we changed all passwords and I shut down FTP access on our server. I rarely use FTP, so we are leaving it off for now. I usually work through CPanel file manager. Now that I know the extent of this, I am having our host run the SSH command from post #64 to make sure we didn't miss anything.

Has the source ever been figured out? I understand that we do not want to burn anybody at the stake, but I would like to know where the breech happened and if steps have been taken to help prevent this in the future.