My site was infected with a malicious script (A line of java script code just after the /HTML tag).
I deleted it of course. Now I want to make sure it doesn’t happen again.
I assume that the hacker used some sort of php upload script but didn’t manage to get my FTP password. (I checked for Trojan Horses).
How can I prevent scripts from uploading or editing files? As far as I understand , in Dreamhost , as long as the owner has writing permission, all scripts can write to this directory. Is there a way to pervent it so only FTP user can upload files?