[eluser]InsiteFX[/eluser]
If your index.php was hacked, you should make sure that it has it chmod settings 644.
Correct chmod Permissions:
Permissions for world-readable (but not world-writable) folders are 755 (rwxr-xr-x).
Here is one thing I do!
Permissions for world-readable files are 644 (rw-r--r--).
A folder needs 777 permissions if PHP needs to
a) dynamically create new files in it, or
b) delete existing files from it.
There are only two situations where world needs write access (777 / 666),
and both only apply if your server is configured with PHP as an Apache module:
A file needs 666 permissions if PHP needs to
a) open the file and write data into it, or
b) copy another file to the directory entry currently occupied by this file.
As far as security scanners I am not sure what others are using!
1)
One big mistake I see users making is this
In all classes, models and libraries this should be on top not just <?php!
Code:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
2)
All directories and sub-directories should contain a copy of the CodeIgniter index.html file!
InsiteFX