how to protect CI project from hackers?
#1

[eluser]umefarooq[/eluser]
Hi,
How do I secure a CI project against being hacked by web hackers through file injection and XSS? One of my projects got hacked: my index.php and default view were injected with a Trojan downloader script. Now how can I make it more secure and unhackable? I'm really surprised how this can be possible. I'm using CI to protect my projects from all these web scams, but even using CI is not solving this problem.
#2

[eluser]Johan André[/eluser]
If you looked over the overall security of your server, make sure you checked these:

1. Never let people upload files without checking the mimetype. Reject everything except images for example.

2. Be sure to use Active Record for your queries, or do a "manual" clean of the _POST and _GET-array.

3. Move the system out of the webroot.

4. Set the right permissions on things. While developing, some people set the directory permissions WAY too kind.

5. Don't use an account with root-permissions (www or mysql) in your code.

In your case it sounds like someone got access to your server, since it's very hard to change the index.php file in a normal installation of CI.
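
An added example (not part of Johan André's post or the original thread): a small shell audit for point 4 that lists world-writable paths in a CI deployment and reports PHP files, such as index.php or a view, that differ from a known-clean baseline. The function names and the paths in the usage comment are assumptions, and sha256sum is taken from GNU coreutils.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sha256sum is GNU coreutils.

# Print every regular file or directory under $1 that any local account can
# write to (the "too kind" permissions from point 4, e.g. 666 or 777).
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Print "sha256  ./path" for every PHP file under $1, in a stable order.
# Save the output outside the webroot while the site is known to be clean.
snapshot_php() {
    ( cd "$1" && find . -type f -name '*.php' -exec sha256sum {} + |
        LC_ALL=C sort -k 2 )
}

# Compare the tree at $1 with baseline file $2 written by snapshot_php.
# Prints each PHP path that was changed, added or removed; prints nothing
# when the tree still matches the baseline.
changed_php() {
    snapshot_php "$1" | { diff "$2" - || true; } |
        sed -n 's/^[<>] [0-9a-f]*  //p' | LC_ALL=C sort -u
}

# Usage (assumed paths): sh audit.sh /var/www/site /root/site.baseline
if [ "$#" -eq 2 ]; then
    echo "World-writable paths:"; find_world_writable "$1"
    echo "PHP files differing from baseline:"; changed_php "$1" "$2"
fi
```

Create the baseline with `snapshot_php /var/www/site > /root/site.baseline` right after a clean deploy, and keep it where the web server account cannot write.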
#3

[eluser]umefarooq[/eluser]
Hi, there is no file upload facility in the project; it is just a simple one to show only text content, and I'm using Active Record for queries. There can be 1 option: either somebody has access to the server. Earlier I have deployed around 5 CI projects, and till now no problem. I just found this problem today while browsing the project, but I still can't believe it. Even in my .htaccess file I have set

Options -Indexes



