We have a server running several ecommerce sites, the problem is a couple of them get hacked on a regular basis and they are managing to upload a file to the server and then run a SSH on the server.
We are constantly monitoring this, but we really want to try plug the hole. Is there anything that could be recommended to do to find out how they get in.
We have the server locked down in terms of the firewall, ftp access only from certain ip locations etc.
The ecommerce sites use a bespoke based ecommerce platform so we are wondering if there is a loophole in our software.
So if anyone could help with any recommendations that would be excellent.