Joomla Security – Quick Tips to Secure Your Joomla Web Site

Someone keeps hacking your index.php file every day, and your host does not want to help you. It has been happening periodically, but in the past week it has been hacked every day. Someone amends that file and adds hundreds of web site addresses to it.

You have a current version of the Joomla content management system, 1.5.18. It is only since an upgrade that your site gets hacked every day; previously it was only monthly. Your host said that it may have something to do with an .htaccess file.

Upgrading to a current version of Joomla has made it worse. You will want to make sure you have a .htaccess file in the root folder of your Joomla installation, for example /home/username/public_html/.htaccess.

You will want to make certain that your .htaccess file is named .htaccess and not something like htaccess or htaccess.bak. Also, make sure the permissions on your .htaccess file are set to user: read write execute, group: none, and other: read execute. Another thing you can check is the permissions on your index.php file, which is also in your root folder.

Permissions on your index.php file should be set to user: read write execute, group: read execute, and other: read execute. Only your user account(s) should have write permissions on your index.php file. You will want to run both a quick security scan and a scan for trojan horses from Security Center in your administrative cPanel.

You can then ignore this false positive message: Possible Trojan - /usr/bin/cpan. It might take a few minutes to complete a trojan horse scan. Also, you might want to reboot your server share, if possible, through your administrative cPanel login. Another thing you can attempt is to change all your web hosting account passwords.

You will want to verify the permissions of your /public_html/ folder. They should be set as follows: user: read write execute, group: read execute, and other: read execute. This is known as 755 (seven fifty-five) permissions. Also, you can look for any suspicious files or folders.

You may need to enable hidden view in the cPanel administrative file manager utility. You will want to empty out any cache or tmp folders. Also, you can request that your web host move your website to a different server and internet protocol address.

Another thing I thought of is if tomorrow your index.php page gets appended again, you can check to see if there are any rogue processes, scripts, cron jobs, etcetera on your website. If your website gets changed every day at the same time, then either something or someone might have it automated. You can check for any suspicious processes, cron jobs, scripts, etcetera yourself with cPanel.

Also, you can try browsing your logs, such as the Latest Visitors log, to see if somebody is accessing your site remotely and appending to your index.php file. If you can track down who the culprit is, then you can block their internet protocol address using IP Deny Manager under the Security category. For added security you might want to change your .htaccess permissions to 644 (six forty-four).

user: read write
group: read
other: read
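
The permission, naming and recent-change checks described above can be scripted when you have shell access to the hosting account. The following is an added example, not part of the original article and not a cPanel or Joomla tool; the function names check_mode and audit_docroot are hypothetical, and the expected modes are the ones given above (755 for the folder and index.php, 644 for .htaccess).

```sh
# Added example (not from the article): audit a Joomla document root.
# check_mode and audit_docroot are hypothetical helper names.

# check_mode PATH MODE: succeed only if PATH exists with exactly that octal mode.
check_mode() {
    [ -e "$1" ] || { echo "MISSING  $1"; return 1; }
    [ -n "$(find "$1" -prune -perm "$2")" ] && return 0
    echo "MODE     $1 is $(ls -ld "$1" | cut -c1-10), expected $2"
    return 1
}

# audit_docroot DIR [DAYS]: print findings; return 0 if clean, 1 if review is needed.
audit_docroot() {
    root=${1%/}; days=${2:-1}; rc=0
    check_mode "$root" 755           || rc=1
    check_mode "$root/index.php" 755 || rc=1
    if ! check_mode "$root/.htaccess" 644; then
        rc=1
        # By default Apache reads only a file named exactly .htaccess; list misnamed copies.
        for f in "$root"/htaccess*; do
            if [ -e "$f" ]; then echo "NAME     $f is not named .htaccess"; fi
        done
    fi
    # Files or folders that group or other can write to.
    out=$(find "$root" ! -type l \( -perm -020 -o -perm -002 \))
    if [ -n "$out" ]; then echo "$out" | sed 's/^/WRITABLE /'; rc=1; fi
    # PHP and .htaccess files modified within the last DAYS days.
    out=$(find "$root" -type f \( -name '*.php' -o -name '.htaccess' \) -mtime -"$days")
    if [ -n "$out" ]; then echo "$out" | sed 's/^/CHANGED  /'; rc=1; fi
    return $rc
}

# Example call, using the path form from the article:
#   audit_docroot /home/username/public_html 1
```

Running it once a day and comparing the output with the previous run helps narrow down when index.php is being changed.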

Also, I have included the contents of an .htaccess file from a Joomla website with version 1.5.18 that I had. You can look for any strange items in your .htaccess file. I have not had any problems with that site being hacked in quite a while with just these basic settings.

##
# @version $Id: htaccess.txt 10492 2008-07-02 06:38:28Z ircmaxell $
# @package Joomla
# @copyright Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##

#####################################################
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that disallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
#
#####################################################

## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks

#
# mod_rewrite in use

RewriteEngine On

#### Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a