While I know that there are viruses that can steal your FTP credentials from common software programs, are you sure that that is what is going on here?
The most commonplace method I've seen to inject this sort of thing into files is simple shared hosting with poor security practices. Once a hacker gets into one site on the server, he can run a script that simply searches for *.php or *.html and injects his code into anything it finds. Thus he's got his code on dozens or hundreds of sites instantly. Make the script run every so often, and you keep getting "hacked" over and over again. Solution in this case is two fold: 1. Correct the permissions. 755 or 644 for everything. Unfortunately, sometimes this is ineffective (poor security config tends to be *really* poor). 2. Switch hosts to one that knows what they're doing. While I don't doubt that people have gotten hacked based on stolen FTP creds, it seems more likely to me that this sort of code injection is done via bad shared hosting instead. -Otto _______________________________________________ wp-testers mailing list [email protected] http://lists.automattic.com/mailman/listinfo/wp-testers
