Hacker attack

Three times this month one of my sites have been hacked. The first time only the index.php file was compromised. The latest time (sunday august 27) was much more serious. Someone planted malware in the template folders, with the result that people going to the site got a phishing message claiming to be from Bank of America.

Someone immediately contacted Bank of America, who contacted my web host, who suspended the site. Later on I got a nasty message from the host, telling me that my site had contained illicit material, and if they found it once again, my account would be terminated.

I really don’t know how they managed to go into my account. The password was rather fresh and 8 characters. Maybe there is some vulnerability in my recent version. But just now I cannot upgrade, because I’m running the plugin MyGallery, and it is not working under 2.2. So before I upgrade, I have to find another solution to the problem with pictures. And my, it’s a job to upload all the pictures once again.

Are there some known issues about 2.1.3, vulnerabilities that I could protect myself from?

This is really concerning me!

/EGW