unauthorised access to public html

[iPwsite]

How is possible hackers constantly copy files to my Public_HTML folder in order to re direct to different websites.
Although I have a difficult password and change it many times and never shared it with people.

 

[scriptkitty]

How is possible hackers constantly copy files to my Public_HTML folder in order to re direct to different websites.
Although I have a difficult password and change it many times and never shared it with people.

A vulnerability in the site? What type of site software are you running and is it current? Are any plugins and themes you are using current?

Have you reset site admin passwords and ftp user passwords as well? Panel user passwords? How about Database credentials? If I have a site's database credentials, I pretty much have site admin.

You'll definitely want try to identify the vulnerability used in order to secure it and prevent this from reoccurring. Outdated PHPUnit containing RCE vulnerability is one that I see often leading to such exploits, but this is only one of MANY.

A lot of the malicious redirects I see are in the database (likely SQLi) or compromised admin access. Some are the result of JS redirects or html redirects, but mostly done via the database.