Yesterday I received some alarming news: one of the websites I made was hacked.
In the "data" folder someone placed a .php file. This was not uploaded as a WebYep attachment (as the site only uses short text, long text and img webyep elements), and I have not found out yet if snooped my ftp login (as most hosts in the Netherlands only offer ftp access instead of ssl or even sftp).
The file was there for a few days: WebYep did in fact give notice to the users of the cms, but they ignored the warning for more than a week before they got in touch with me.
As the "data" folder has to be CHMOD 777 it is probably the weakest link for a WebYep enabled website. Is there a way to "script" a security solution?
Is there a way to simply delete all *.php, *.js or *.html files within the "data" folder (or "disarm": those files: to replace the extension with something else)?