About 10 lines and 9.6k of code (alfa-computer.com cialis,Viagra… etc.) have been inserted in every index.php and index.html files in Pixelpost folders! After replacing the files everything seems alright but how someone can modify these files? Is my password been hacked?
Expert opinion wanted about how to prevent it! :confused:

what are the rights on the files? Did the original files also get affected?

chmod is as set by PP .../index.php -644
original files means??? sorry I didn't get the point.
here is whole story...
Basically it is not only a PP problem. After some investigation I found that, every index.* file on every domain hosted on same server was affected.
I have a reseller account and shared IP. These all domains are hosted under one reseller account. Probably reseller account password is hacked! I have already changed all the passwords!
The question is how to prevent it in future?

More than likely it was caused by another user on that server. They probably took advantage of a security vulnerable and ran an automated bot to edit people's files.

The best way to prevent it is to run on a dedicated server. But normally this is not feasible for most people. Besides that you should make sure all of your folders and files are set to the minimum permissions necessary for them to work.

Same story repeated today! Any help?

Please contact your hoster about this.

Done that.
btw what about chmod index to -444?

Basically you would need read and execute rights for all three groups (owner, group and world)