I maintain a small website for 2 friends & relatives' home businesses. Yesterday, I received a call saying that the website "looked strange". So I checked and sure enough, each page on the website had embedded into it a seemingly random url to websites with dubious content (password hacks, gay chat rooms, yada-yada).
I checked the files on the website through the site's control panel (directadmin) and it is obvious that every HTML page has been changed. The timestamps are all pretty much the same.
I've contact the webhost's tech support about this and their response is "your site seems to have been compromised....you should change your password". That is all they offered by way of trying to find out what happened and how to correct the problem. It seems to me that this is a poor response. If someone has discovered the password for the site, what is to stop that person, or anyone else from again finding out the password?
I'd be shocked if this was an isolated incident and didn't affect other sites hosted on the same server or on other sites at other locations.
An anyone offer help on how to track down how this may have happened, how to protect against it in the future, and what, if anything, should the webhost do to lock down these kinds of situations? BTW, the web server runs the FreeBSD OS, if that helps.