just continued the search, and this fella makes some really valid points as well.

I will have to agree with confusion on this. The cybercriminals have many, many ways of getting into your website.

Honestly, you can't tell without some good forensics, if they got in via keylogged ftp account, php vuln, sql injection, file inclusion, etc. Many successful attacks are based on software vulnerabilities (as stated earlier by confusion).

The point is, you need to be aware of security for your see more website. Assume anything you download is vulnerable until you prove it otherwise. We've worked on cases where people were infected by downloading what they thought was the free version of AVG. Cyber gangs know how you think. They know how to get high SE rankings either by using blackhat techniques or by using traffic from some well known site to redirect to them.

There are so many people out there looking to make money on the Internet. Some are legitimate some aren't. The ones that aren't don't care if they use your site or any other site to make money. They just want to make money. To many of them there's something "cool" about making money hacking. That's their mindset.

You need to adopt the mindset that everything is suspect. One of the postings on this site said that his site was hacked because of an ad server he was using on his site. Here he was trying to make money with an ad and turns out some of his visitors were getting infected by this. You can't trust just everyone.

Recently an infected update to Wordpress was offered. It was a version 2.6.4. Anyone who downloaded it and upgraded was serving up infectious code to their visitors. How rude!

I read that a lot of forums were getting spammed recently. People were stating that they're even using captcha. Many hackers/crackers... have tools to help them get past captchas. Their tools aren't 100% effective, but they don't need 100%.

As I read about and hear about all this level of forum spamming increasing, I immediately think, "What is the real motivation behind this?"

One possible answer is that the hackers/crackers have modified some anti-spam module and they have posted it online. Now to drive people who aren't using it already, to Google it, they start spamming every forum they can find. You as a forum website owner, seek out solutions - maybe on Google. You find someone offering a free download for anti-spam module for your forum software. You download it and install it.

Unknowingly to you, you just gave hackers a way into your website.

This kind of strategy goes on all the time. Be suspicious of everything online. You'll be better off.

That's just my 2 cents worth. In the current economic slump, maybe it's worth even less...
__________________
We Watch Your Website - so you don't have to!

Source: Grump (http://forums.digitalpoint.com/showthread.php?t=901622)

from the same thread (Confusion)
A couple of additional notes...

1. The scenario you describe is far and away the minority of cases. The majority of compromises occur due to exploiting vulnerable web applications - wordpress, smf, phpbb, etc, etc. Most of those apps parade their version number around, which makes it easy to search for vulnerable sites. Mpack is a scary thing to be sure. Don't visit your porn sites from the same PC you use to manage your sites.

2. Once an attacker has had access to your server, you must consider all of the contents of the server suspect, and it's strongly recommended to reload the server and restore from back up. Once I have had access, I can drop many backdoors that will give me continued control of your server after you change the password.

i know this is all long winded, but this IMHO is some good information.

but still standing on the fact that it had nothing to do with boonex or dolphin. weak passwords, unencrypted passwords, in some cases shared hosting environments (do you actually think they would tell you the server was compromised?). there are so many factors in this ordeal, that it really does take some investigation. server logs would be the first place i would go.

Firewall your local pc, firewall your server, require authkeys on ftp, ssh, and any other secure login you can conjure up on a server, most specifically a shared environment, when you have no idea what is hosted on there.

i think i talked about this last year when 6.0 was getting torn off by the remote shell script. if there is hosting for $1.99, that is an attraction to a clan of script kiddies, they can save one days lunch money and get a hosting account for a month. shared environment is a childs playground when its not managed. so with that $1.99 they are able to load up a php remote shell script, basically access every site on the server, read databases, read passwords on the database, change or add passwords and users to the database. i know this first hand, not read it anywhere. this was part of my case study on server security and i have continued to remain active in research and development consultations where servers and server applications are involved.

at any rate, hope some find this information usable.

Regards
DosDawg