One of my friend's website has been hacked. He runs his website on a linux server.
The hacker has managed to overwrite his index.html file only, leaving other files intact. His password consist of 25 characters with alphanumeric and symbols so its not possible to crack his password hypothetically. Even though it was, the hacker would have deleted all his files or could have done more damage to his account.
So, I was wondering if anyone of you have any idea on:
1) How did the hacker replace the index file without knowing the password?
2) What measures can my friend take so that this does not happen in future?
Many thanks in advance.
if he uses a .htaccess file the hacker could have replaced the directoryindex by that
Chances are, the "hacker" used a known exploit in your web server or other technology version, injecting his own code to do whatever he wanted. It could have been a compromise to the OS, Apache (if that is what you are using), or any other executable running on the OS with an active network connection. I would recommend checking for updates and if you can, scan for any unknown connections to the server and close them, as it might be remove access via the "hacker".