I think I figured out how they got in. I have a vBullitien discussion board on one of my doorway sites. It two installs to get it set up, so the first one was this there, but not active. They hacked the inactive discussion board and put up one of the "we own you" pages. Since it was inactive, I would have never noticed.
I also found an ftp login that I didn't recognize, so I deleted that and created all new ones.
My blog software is also a possible entryway, so I want to upgrade that, but I need help to do it.
Looks like I've got a lot of work to be done beyond my technical knowledge, so I am going to start a new thread looking to hire a techie contractor here in San Francisco. Please pass the word.
Thanks for all the help everybody!
Bookmarks