My website was hacked last year: someone had uploaded a script which was hogging all the CPU, and the load average went up to 30+ until our hosting provider temporarily suspended the account. That was a few days after installing WordPress (I didn't know PHP is so vulnerable to hacking). I had to disable many options in php.ini, and after that there was no problem with my site for over 300 days.
But for the last few weeks someone has again been trying to defame the site. He is constantly uploading malware to my site. But the worst part is that the malware is not always there; it is only detected by Google Webmaster, and that too only once every few days. I removed WordPress, so now it's all static HTML (as I feel PHP is not that secure), and still the hacker is able to inject malware once every few days, for a few hours only.
A page gets blocked by Google Webmaster and no other pages are touched. I changed all my HTML and CGI files to a different permission. Apache cannot write to any of the folders now. I removed all PHP scripts last week, and I thought that should safeguard my website from future attacks.
But this morning, when I visited Google Webmaster, I was surprised to see a warning of my website having malware! And that too in an "apk" file this time.
Question:
So my question is: how on earth is someone able to upload malware which gets downloaded automatically when an APK is accessed, even when there is no permission for him to write to that directory?
I have been programming for the last 10 years and this is beyond me. Nothing in the Apache logs, nothing in any folder. The file modification search also shows nothing has been touched in the last 10 days, and yet the hacker manages to allow malware to be downloaded along with my APK, and that too only for a few hours. (So he puts something there and comes back to remove it?)
And my website is not even that popular. I don't know why the hacker is wasting his time and mine in being so aggressive, but he does seem highly motivated, as he has been doing this consistently for the last 2 months.