Sites, especially popular ones, often become targets to hackers & robots who find vulnerabilities on the server or in your forms & scripts which allows them to inject malicious code into web pages. I had this happen about 2 years ago on a dedicated server. Fortunately, the files on my local drive were clean so I was able to replace the remote site in a few hours.
How did it happen? According to the hosting company nothing was wrong at their end. So we may never know exactly how the hackers got in. The server hosted 5 sites at the time but only one site was hacked.
WordPress and other open source frameworks are especially attractive to hackers. If you use PHP & MySql, take necessary security precautions.
Use strong passwords for everything. A minimum of 17 characters, alpha-numeric, upper & lower, with symbols. If you can remember your passwords, they're not strong enough. Write them down. And change your passwords regularly.
Consider getting Secure Live which stops & blocks attackers IP addresses and sends them to the FBI's database. https://www.securelive.com/
Your site was hacked, if at all it was hacked, is because you had a very bad password security system. Any passwords less than 14 characters long (made up of letters- uppercase, lowercase and digits), is unsafe.
All my passwords are now 16 characters long and made up of upper/lower characters and digits. This is changed every 6 weeks.
Also, don't use the same password everywhere because if one site is hacked, all your sites are hacked!!!. That's expected. Yahoo has been hacked 3 times in the last 6 months and so they have been losing customers like BT - one of the biggest customers you can have in the UK.
Thank you to those who took the time and effort to answer.
Based on the answers, I must not have phrased my question properly.
I believe that something got into my Dreamweaver files and took the passwords from there.
What I am questioning is:
- is it an undected virus on my machine
- A virus on one of the servers
- An Adobe issue
I understand the point about passwords being cracked.
The 7 sites all had different passwords and usernames. Two were straight up HTML with no JS or php at all.
As far as being popular sites - the average is 400 visitors a month with the highest being 1600 - I personally wouldn't call that popular
None of the sites were Wordpress or any other type of CMS.
There are as many ways to hack a site as there are right handed programmers on earth. In my case my hosting company's entire group of servers was the victim of a defacement hack perpetrated from "within" the company. In other words a client with a site hosted on thoses servers correctly guessed an administrative password and globally replaced all index.html and index.php files on the server. Keep good backups locally.