And don't be hasty in being nasty...

Never ever save your FTP passwords in any of the FTP programs you use. Your website will get hacked if you save your FTP passwords in a FTP software on a windows machine. You won't loose your FTP information untill and unless you get some sort of Virus on your computer.

If you are using Frontpage and if you create profile for auto-connect then your website will get hacked once your computer gets infected by a virus program.

We have seen such thing happening with websites of many customers and there's nothing much we can do to help them. If a hacker gets connected to your FTP account in one go then there's no way our server can stop the hacker from defacing your website.

After that post I spent days virus, malware, spyware etc. checking and found absolutely nothing on any of the 4 computers I use.

All passwords are in my head - they are not saved in any FTP programmes, including frontpage, on any of my computers.

Therefore the only logical weak link is potentially your servers and I take offence to to you implying it was my fault when it obviously wasn't.

Hopefully this has given you a heads up to check your security.

Without trying to get into a he said / she said type affair, it's all too easy to blame other people for things that have gone wrong.

With the above in mind, the phrase 'the only logical weak link .....' can be a bad thing to jump into feet first, mainly because forum software (most software has flaws, it's just a case of finding them), can be very susceptible to hijacking of various kinds, the only way to stay ahead is to ensure that you are upto date with any maintenance patch releases from the vendor (this could be the forum software, a new version of php, or even a MySQL update that prevents injections), and if a hole has been found but no patch released, then turn it off until such time as a patch is released.

From what I have read on this thread, no one implied, nor suggested that it was your fault. It was mainly an aim at a guideline for anyone that may stumble upon this thread in the future. Storing passwords is a bad thing on any machine, mainly due to an attacker only needing to gain access to 'that' machine in order to access others. The only thing that I have read on this thread, is helpful hints to people that may not be as savvy as say yourself, on what should / shouldn't be done.

A good suggested read would be the hackers handbook, and teach yourself the same techniques that these people use to enter your site.

That is correct Hexosphere. Cassie, WHUK servers are constantly optimized for the best security, hence why FP extensions were removed a while ago; even features which could even give a glimpse of a fail sign are likely to be removed. Nobody implied that it was indeed your fault, you should not take offense to something that hasn't been said.

Bearing in mind that SQL injections, with forum software that is both in-dated and out-dated can easily be affected by this, mainly with the free forums. May I ask what website you are referring to?