I guess this is not that username and password got stolen. You better update and upgrade the server system and software, especially the Apache and PHP version if you have those good luck!!!

The only thing in common between this accounts is that they were stored with its respective passwords in my Windows CuteFTP.

Previously to this, I had to format my hard drive because of a virus. Maybe it stole the accounts information from CuteFTP and use it to spam. It is possible?

What I did is update every password and obviously delete the data_.php files.

Well, I hope we reach whatever is causing this problem.

Thanks!

I have not yet found the problem. From the administrator in the datacentre told me that the script was uploaded through “ftp”. I wonder is it the anonymous “ftp”.

Yesterday we have 4 websites got hacked with this data_.php and we manage to stop it at once, though it already sent 4000+ emails.

I did a system and control panel software update now plus disable the anonymous “ftp” for the whole server and all accounts.

Still checking now, once found any updates will post here

I recieved an e-mail from our server administrator this morning, that he suspended an account because it was abused by a spammer. He sent me the names of php scripts which the spammer might used to send e-mails. And one of the files was, belive it or not data_.php.

I checked the script and quickly noticed that the code wansn’t written in my style. And same as in your case, the script was getting POSTS from some whre and then mailed it out using php mail function.

I was wondering if you found the security hole. Oh and by the way, the site I’m talking about is using Joomla! for it’s framework.