Well, today I got hit with a nasty htaccess hack. Somebody hacked my FTP login details and changed the htaccess on all my sites to redirect search engine traffic to their site. From looking around on the web I believe it was this.

Code: http://www.rockshirtplaza.com/hackTrak/

This happened while I am selling my site, a site receiving a lot of search engine traffic, and I am looking to get 25-30k for it, so this might end up being quite costly since it has made my bounce rate 98% for the past 24 hours and that will likely affect my rankings.

After talking with my tech guy and my hosting, we believe the problem was that my password was too simple... So here's the lesson, guys. Make sure important passwords like FTP, cPanel, important emails etc. are all very long, complicated gibberish with capitals, numbers and symbols.

I have also read I shouldn't be using FireFTP, a Firefox plugin, for my FTP access because, since it uses the browser to connect, there are vulnerabilities. So I now use a desktop FTP program.

Anyway, just wanted to share, so if any of you are currently not using long, complicated gibberish passwords you will change them now before you learn the hard way like I have. I know, dumb mistake on my part, but I am sure a few of you are doing the same, and I just wanted to save you the headache.

Also, anyone with any info on further ways to secure an FTP or cPanel login, or other vulnerabilities to watch out for, I would love to hear it.

Edit: if you're using WordPress you may have a timthumb.php exploit. Info from Redstone.1337: use your cPanel to search your sites for a timthumb.php file and delete it, or update it if you have one on your site. More info here:

Code: http://timthumb.googlecode.com/svn/trunk/timthumb.php

Thank Redstone below for pointing it out. I guess there was an announcement here on BHW too that I didn't see. If there is just one site on your server with the file, they have access to all of your sites.
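A way to check every site on an account for the two things described in the post above, as an added example that is not part of the original post: it walks a web root, flags .htaccess files where a search-engine Referer condition leads to a redirect to another host, and lists any timthumb.php copies. The rule pattern it looks for is an assumption about how such redirects are usually written, and the sample file and the host redirect.example are constructed.

```python
import os
import re

# Heuristic (assumption): the injected rules match the Referer header against
# search-engine names, then redirect to an absolute URL on another host.
REFERER_COND = re.compile(
    r"RewriteCond\s+%\{HTTP_REFERER\}\s+\S*(google|bing|yahoo)", re.IGNORECASE)
EXTERNAL_RULE = re.compile(r"RewriteRule\s+\S+\s+https?://([^/\s\"]+)", re.IGNORECASE)

def scan_htaccess(text):
    """Return hosts that a search-engine Referer condition redirects visitors to."""
    hosts, armed = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if REFERER_COND.match(stripped):
            armed = True
        elif stripped.lower().startswith("rewriterule"):
            m = EXTERNAL_RULE.match(stripped)
            if armed and m:
                hosts.append(m.group(1).lower())
            armed = False  # RewriteCond lines apply only to the next RewriteRule
    return hosts

def scan_tree(root):
    """Walk a web root; report suspicious .htaccess files and timthumb.php copies."""
    findings = {"htaccess": {}, "timthumb": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == ".htaccess":
                with open(path, errors="replace") as fh:
                    hosts = scan_htaccess(fh.read())
                if hosts:
                    findings["htaccess"][path] = hosts
            elif name.lower() == "timthumb.php":
                findings["timthumb"].append(path)
    return findings

# Constructed sample of a tampered file; redirect.example is a placeholder host.
SAMPLE_TAMPERED = """RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [OR]
RewriteCond %{HTTP_REFERER} .*bing.*
RewriteRule ^(.*)$ http://redirect.example/in.php [R=301,L]
"""

if __name__ == "__main__":
    import sys
    print(scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."))
```

Run it against the directory that holds all the sites on the account, since the post notes that one affected site exposes the others. A clean result only means this particular rule shape was not found, so compare each .htaccess with a known-good copy as well.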