Magento

I have had to magento sites in as many weeks get nasties dropped in the var.session folder, what could cause thius and how can i stop it from happening again? Thanks in advanced to anyone that can help.

If you are facing problems of hacking then you have to use some thing that can block hackers. There are some solutions acn you can fix problem from them. The solutions are following

1.  Secure Password Selection
2.  Require SSL or HTTPS for all website pages with logins
3.  Don’t use your Magento password
4.  Use a custom admin path
5.  Close email loopholes
6.  FTP usage should be secure
7.  FTP access limited
8.  Don’t save your passwords on computer
9.  Keep update your antivirus
10.  Restrict admin access to approved IP addresses, Geographical locations or countries.
11.  Use Geographical-IP Magento extension type lock for block access to users.

Another item to add to this good list is to deploy a web application firewall (WAF). Even a simple mod_sec deployment in warn-only mode will help you start detecting application-layer attacks in real time and then eventually allow you to block them automatically. If there are security holes that attackers are using to breach your site, a WAF might help identify them by highlighting malicious traffic.