How do they do it?

Recently, one of my web sites got hacked and someone has uploaded hosting content to my site. I concluded that they had FTP access to my site, but how did they get my username and password?

I use a fairly long password which is very hard to guess and anonymous FTP access is disabled, so how would they get my FTP account info?

are you using shared hosting? that's why many people go and get vps instead of shared hosting... you only managed your own server.. but do this only if you have a large traffic site..

__________________
Myspace Proxy Myspace Proxy Myspace Proxy Myspace Proxy Myspace Proxy Addicting Games Redtube Download Myspace PRoxy hostingotube Dowbload | Naruto Wallpaper

well it can be happened if someone hacked into root or your resellers account. Well I don't think we can do much about it. risk is always there unless you go for a dedicated server.

__________________

O my god!
I am new to all this hosting seen and would really appreciate it if you could tell me which hosting you have been using when this happened. I am just trying to be extra careful. thx!

__________________
look for freelovenews.com in 2008. Free tips about everything "love"

All standard ftp is non encrypted including username and password during login. Sheer volume prevents most of these from being overheard.

Your login info was emailed to you when you signed up. AWAYS change that password as soon as you get your account. Email is not private.

Do you use and online chat or IRC? These are the quickest place to get a key logger added to your computer if you don't have up to date virus and worm protection.

__________________
ScriptMan
Host unlimited domains as low as $2.95 month

they could have used telnet if your host hasnt banned it. im pretty sure you can do that with telnet. but almost everything has telnet banned now-a-days.

Agreed.
You should diable telnet and open SSH (port 22) only.
Software like F-secure SSH client with built-in terminal & file transfer features.

Good luck.