Hello,

My account was suspended because of a phishing site set up on one of my sites. I'm trying to figure out how this happened so any held would be appreciated.
Here`s my situation:
I have 2 domains set up on my account; let's say:
X.com which have an Xzeroscript for classifieds
and
Y.com which has script for searching music.

One possibility I have in mind: I gave an FTP access (to a programmer) to the main folder of Y.com but the phishing site was set up in X.com folder. Is it possible that he could do this even if has the access to the folder of Y.com?

If not, how could it happen??

Thanks

Never give out your password and ftp accounts to people you do not know or trust, There are many ways people can get access to your site and deface it so i'd rather not get into that perhaps someone else might. Do you have a backup of your site, you should always create backups of websites incase something happens. Ask the nice people at Hostmonster to restore your server back to the default settings wiping everything giving you a fresh start to never give people access to you're server you do not trust.

Remember doing this will delete everything on you're server, after that change all the passwords so he will not get back in.

P.S Hostmonster doesn't condone Piracy even if it's hosted on 3rd party servers, perhaps it was suspended on the grounds of piracy.

I already deleted all the folders and ftp accounts and I'm going to restore my backup.

But my question is still: is it possbile that he could've done that through the ftp access even if it,s not the same folder?

yes its easy to get all the way to your home directory with one php file installed anywhere in your file structure

I already deleted all the folders and ftp accounts and I'm going to restore my backup.

But my question is still: is it possbile that he could've done that through the ftp access even if it,s not the same folder?

Yes it is very much possible. As mentioned above PHP scripts anywhere in any fiolder provide access to the home. I am not much into programming but there are very easy codes (for eg $SERVER_ROOT .. something like that) provides you access to the root.

Use all basic precautions like not sharing pwds, password protecting folders etc. In case if it is important to share passwords, change them immediately after the outsourced work is done & check on your own if some unwanted files/code has been put in.