How to identify security loopholes in a website that has been hacked to send spam?

[Azam.net]

I've been informed by our webhost that one of our sites has been hacked. By gaining unauthorised access to the site, hackers have been able to send out spam using our domain name (using from: xyz@ourdomainname.com in the spam).

We've been asked to remove these violated files and close any security vulnerabilities before the webhost can restore the site. We've been able to identify the files and removed them.

However, how can we specifically pinpoint and close any security loopholes so that it doesn't happen again? The site is using lots of scripts etc. so we don't know where the vulnerability could lie.

We've ran lots of sites since the 1990s and never had a single security violation, so this situation is a new one to us.

Thanks a million for any advice.

[Tynan]

I can't help with any techy advice but is it shared hosting and of so with which host.

And have you googled this issue with regards to that host? I only suggest this because I've had this a few times over the years with many users adamant that once a hacker has broken into one account they can get access to all the other domain on that server, although the hosting company refused to discuss the matter

and of course someone that can hack a site can disguise the sending domain

and do any of your scripts send email?

and have any new files appeared on your domain?

and has any new lines of code appeared in any of your likely scripts?

change logins and ftp passwords

all lo tech numpty stuff obviously