I think i may have figured it out im still going over the log as you suggested though. I got my webhost to fix the issue the hacker was causing and with your helpful suggestion i started to think what i had been doing lately.
You were right in the last 2 weeks i had upgraded CB to the latest version and was going through the whole trial and error issue of using image magick for my avatars for my users so they could have animated ones etc instead of using the GD2 process.
While doing this i FTP'd an entire directory of image magick to my root directory.
I am still scouring the log but am almost certain that a file in this directory was being used as the hackers "backdoor"
I have since upgraded to 1.5.25 and removed the directory but am now thinking the hacker has had time to create another directory or compromise my database.Should i scrap my database altogether (sorta don't want to do that)
So now my question is how to i get CB to use image magick instead of GD2. I have already questioned my hosting provider and they say that it is installed but CB doesn't seem to pick it up in the configuration as being installed when put on auto?
Your help with this would be fantastic to save me further compromises of my data and me and my trialing and erroring
And a 2nd question i dont suppose you could suggest a good free anti-hacker tool that may be of some use. I had sitegrounds jhackguard on there but i dont think it was to helpfull when i gave the hacker a backdoor.
beat
