Florinda
Tue 6 September 2011, 01:42 pm GMT +0200
Very often the cause is the PC used to upload the site that is infected and steals the userid and password and allows the hacker to enter the site and make changes.
So your first place to look is your own PC. Scan it with multiple different AV adn malware tools to make sure there are no virus or other software that steals the passwords.
Often the one originally stealing your username/password will leave a small piece of program or web page on your site, which allows the hacker to gain access without knowing the username and password in the future. Check for files that seem wrong or that you did not put on the server. e.g. images/gifimg.php or images/gifimg.asp ??? these are likely backdoors and may not have the name I used here. Also check for hidden files and folders .folder or .hidden.php etc..
When you???ve eliminted the threat from any virus/malware, then you can continue.
Change the password of the ftp access, and make the password a strong one.
Repair the files on the website, i.e. remove the inserted code from all files, and delete any backdoors found.
Use the Google webmaster tool to request a review to get the suspicious warning removed.
So your first place to look is your own PC. Scan it with multiple different AV adn malware tools to make sure there are no virus or other software that steals the passwords.
Often the one originally stealing your username/password will leave a small piece of program or web page on your site, which allows the hacker to gain access without knowing the username and password in the future. Check for files that seem wrong or that you did not put on the server. e.g. images/gifimg.php or images/gifimg.asp ??? these are likely backdoors and may not have the name I used here. Also check for hidden files and folders .folder or .hidden.php etc..
When you???ve eliminted the threat from any virus/malware, then you can continue.
Change the password of the ftp access, and make the password a strong one.
Repair the files on the website, i.e. remove the inserted code from all files, and delete any backdoors found.
Use the Google webmaster tool to request a review to get the suspicious warning removed.