The most common hacks for an index page is replaced with some other code thus defacing your website. It is likely that the hackers accessed your client’s web site through an insecure or poorly coded/old script, or their PCs are infected, or the hackers guessed their “weak” passwords.
There are three possible ways for a Web site to get infected with IFrame or JS code defacing an html page, despite the fact that the web server is secure:
1. poorly coded or insecure scripts (custom built and/or old version of a Php application such as WordPress, or vBulliten, or PhpBB, etc.)
2. weak FTP password (easy enough to guess by a hacker/spammer) People often use obvious passwords such as the names of their children or their house number in order not to forget them. However, the simpler the password, the easier to detect. Using strong passwords lowers overall risk of a security breach.
3. compromised PC/laptop. The vast majority of the defacing around 90% takes place on websites with:
4. Custom Php scripts including Magento extensions. It is unfortunate that the vast majority of these extensions are poorly coded and might be used as a back door to hack a web site using Magento. Also, Open Source Php scripts including forums, Joomla and WordPress.
That said, a hacker with a special script can access a client’s web site and instantly adds the hidden IFrame JS code to a Web page. This is how a Web site gets compromised, although your dedicated server is secure. It makes no difference what permissions the folders and files are set to, or what security measures was implemented on your server; your client’s web sites might be compromised again and again.
I suggest you ask your clients with infected sites
1. Clean up their PCs (OS reinstall if necessary)
2. upgrade their Php applications to the latest version and secure them by applying any security patches available from the authors.
3. Not to install any Magento plugins, widgets, or extensions as they are not written or coded properly. Permit me to reiterate, the vast majority of Magento extensions are insecure.
4. If they use phpMyAdmin make sure it’s password protected.
5. If they suspect a hacking attempt, ask their host to change the login password for their web account.
6. Make sure all the Admin and Mod passwords are secure. Change them if you have any doubts. And use hard to guess passwords.
7. NEVER allow HTML in posts or PMs or in signatures.
8. Make absolutely sure there are no viruses, trojans or keylogger spyware on your PC. Any of these could steal your password and other personal info.
9. Do NOT allow any body to upload any files to your Web site.
10. Do NOT give or allow SSH access to any of your clients and/or developers.
Hope this helps.