I found out somethings:
- Hackers Googled for weak sites, mine was one, the search on 'inurl:page filetype:php include failed' – this lets them ID sites that recorded errors on includes.
- Because of that error the hacker was able to search on some other files in the site that had no links to them (i.e. dead pages) but they still worked.
- Because of poor programming practices, I had left a backdoor into my blog edit page, and well they found it.
I am tightening up the site, so hopefully it won't happen again. I also contacted Adelphia.Net for the IP Address. I will update soon.
(afternoon) Just got an email from the hacker asking not to report him… I replied and explained that they cost me money and time this morning that kept me from my work. I am not sure if I will do anything legally but… Time will tell…