Maybe i missed that part but are you running forum or something similar. Are you running some free or commercial script?
This kind of script-kiddies run usually one script that use search engines to search for other website running old and insecure script and then they simple infect it through weakness into code, leave message about defacing and go away.
You can see for example a lot old version of VB, phpBB infected.
Setting .htaccess file with example:
Code:
<Limit GET POST PUT>
Order allow,deny
deny from All
</Limit>
may help but not a lot. If there is code inside that they use only thing that can help is to update your script.
Try this crackertracker script by include it into first line of your codes. It may help to block many attacks:
Code:
<?php
// Cracker Tracker Protection System
// Created by: Christian Knerr - www.cback.de
//
// License: GPL
//
//
// Begin CrackerTracker StandAlone
//
$cracktrack = $_SERVER['QUERY_STRING'];
$wormprotector = array('chr(', 'wget', 'cmd=', 'rush=', 'union', 'UNION', 'echr(', 'esystem(', 'cp%20', 'mdir%20', 'mcd%20', 'mrd%20', 'rm%20', 'mv%20', 'rmdir%20', 'chmod(', 'chmod%20', 'chown%20', 'chgrp%20', 'locate%20', 'grep%20', 'diff%20', 'kill%20', 'kill(', 'killall', 'passwd%20', 'telnet%20', 'vi(', 'vi%20', 'INSERT%20INTO', 'SELECT%20', 'nigga', 'fopen', 'fwrite', '$_REQUEST', '$_GET');
$checkworm = str_replace($wormprotector, '*', $cracktrack);
if ($cracktrack != $checkworm)
{
$cremotead = $_SERVER['REMOTE_ADDR'];
$cuseragent = $_SERVER['HTTP_USER_AGENT'];
die( "Attack detected! <br />br />$cuseragent" );
}
//
// End CrackerTracker StandAlone
//
?>