I got back from Cellardyke tonight to discover that my site had been hacked once again. This time I didn’t delete the files they’d dumped on my server; I’ve zipped them and sent them to my webhost for examination.
I’m now wondering if they’ve used a Linux kernel exploit to gain root access to the server. That’s pretty serious stuff, and if that is the case then I do hope my webhost get the kernel patched asap. If it’s not, then I hope they help me get to the root of this problem.