
Help securing my site(s)...


scout1idf


First a little history....

In the fall of 2010, I noticed that someone had been adding scripts to my website(s), usually an onload() stuck in the body tag with an encrypted script. After doing reading, I found out that leaving my file permissions set to 777 was leaving my site wide open to the world. After that I started setting all files to 444 which seemed to fix the problem.

Friday June 24, 2011, I went to my main testing site and noticed that the page was loading slow and saw that it was waiting for something that I didn't recognize. Quickly I closed the browser and ran a virus scan. After it came out clean, I connected through FileZilla and saw that my index page file permissions had been changed. (I am very cautious about the permissions and know that I didn't leave it set to anything but 444).

I deleted the index page and uploaded a clean copy then changing the permission to 444 as usual.

Without thinking, I went to my other site (without checking FileZilla first) and a Java applet downloaded a virus to my computer. When I finally was able to go there through FileZilla, I found both the index page and log-in page had the permissions changed.

Now to my question....

1) How could someone change the file permissions other than myself and change my files? (I'm the only one with access)

2) How can I stop this from happening again?

To be honest, this kind of stuff almost makes me want to give up web design and learning anything about it. I really like doing it, but if my sites would hurt anyone else, I don't want to do that....


How could someone change the file permissions other than myself and change my files? (I'm the only one with access)
Well, apparently you're not the only one with access. There's a hole somewhere that someone is able to use to gain access. They might also have the server password. They might have gained access when the permissions were more lenient and used the permissions to install a backdoor that they can come back to. Look around all of the publicly-available directories for PHP scripts or other things you don't recognize. The code might also be embedded in one of your other pages. They might also be exploiting a vulnerability in the server software itself or something else installed on the server.

http://sectools.org/web-scanners.html
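
Added example, not part of the original thread and not posted by any participant: one way to do the "look for things you don't recognize" check from the reply above, by comparing the site's files with a known-clean copy. It assumes Python 3 and that it runs where the server's permission bits are visible (on the server itself, or on a mirror that preserves modes); the name `audit` and its `expected_mode` parameter are illustrative.

```python
import hashlib, stat, sys
from pathlib import Path

# Heuristic for the injection described in the thread: an onload handler in <body>.
BODY_ONLOAD = re_body = __import__("re").compile(rb"<body[^>]*\bonload\s*=", 2)  # 2 = re.IGNORECASE

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit(webroot, clean_copy, expected_mode=0o444):
    """Compare the site's files with a known-clean copy.

    Returns sorted (finding, relative_path) tuples. Findings:
      unknown  - file is on the site but not in the clean copy
      modified - content hash differs from the clean copy
      missing  - file from the clean copy is gone from the site
      mode NNN - permission bits differ from expected_mode
      onload   - <body ... onload=> present but absent from the clean file
    """
    webroot, clean_copy = Path(webroot), Path(clean_copy)
    clean = {p.relative_to(clean_copy): p
             for p in clean_copy.rglob("*") if p.is_file()}
    findings = []
    for path in webroot.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(webroot)
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode != expected_mode:
            findings.append((f"mode {mode:o}", rel.as_posix()))
        ref = clean.pop(rel, None)
        if ref is None:
            findings.append(("unknown", rel.as_posix()))
        elif sha256(path) != sha256(ref):
            findings.append(("modified", rel.as_posix()))
            if (BODY_ONLOAD.search(path.read_bytes())
                    and not BODY_ONLOAD.search(ref.read_bytes())):
                findings.append(("onload", rel.as_posix()))
    # Anything left in the clean index was never seen on the site.
    findings += [("missing", rel.as_posix()) for rel in clean]
    return sorted(findings)

if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: python audit.py <webroot> <known-clean copy>
    for finding, rel in audit(sys.argv[1], sys.argv[2]):
        print(f"{finding:10} {rel}")
```

A file reported as `unknown` or `modified` is a reason to inspect it and restore from the clean copy, not proof of how the attacker got in.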

I found a bunch of malware on my computer after I got hit Friday. It's possible some of it had been there for quite a while and caused the problems I had last fall as well as this time around.

I use FileZilla exclusively to upload to my site. It automatically saves the connection information including the password (which I already changed for both sites). I was going to ask if there was a way to make it not save the passwords then I looked again and found it.

As for my computer, I use Webroot antivirus with spy sweeper and it missed the malware. I downloaded Malwarebytes anti-malware (free version) that was suggested by our IT guy at work, and after 4 scans it caught 15 trojans / viruses. Since then I have had 15 "clean" scans. I was wondering though, is there anything else I should try to make sure my machine is clean? (free preferably though I may buy the full version of Malwarebytes)


Don't download stuff from people/sites you don't know, don't open email from people/sites you don't know.


Don't download stuff from people/sites you don't know, don't open email from people/sites you don't know.
Thanks for the advice. I already practice the above suggestions. Sometimes I won't download pictures from people I do know. :)

  • 2 weeks later...

Also, if your site was already compromised once, just to be safe make sure you change all your passwords (FTP, server, etc.) to something really secure as it is possible the hacker got that as well. If you use any third-party software on your site (eCommerce, WordPress, etc.) make sure they are updated as that is another way that hackers can infiltrate websites.


Archived

This topic is now archived and is closed to further replies.
