Serious hacker problem

I have a local design/hosting customer who is having a very serious problem with a hacker. My customer provides a downloadable file to his customers in a password protected area on his site. He has to update the download file every week or so, as it changes from time to time.

The problem is that this hacker has broken in and gained access to the file, and posts the file all over the Internet in warez sites. He has hacked to the point where he has my customer's admin login/password, etc. So my customer changed all the passwords. He then got this email from the hacker today:
I got it from your site's poor security. It doesn't matter:

Your account has been closed from the admins with reason: Inactive on registration.
Please contact admins to activate your account

I have ALL the logins. Believe me. That was a nice try to trick me. But, I have ALL the logins. Oh, by the way, that was smart "Sorry, no list for you."

We'll keep in touch. Fix the link for now.
This guy is a real prick. (sorry, I'm angry)

My customer paid to buy a member login script. He paid 100 bucks for a script from www.omni-secure.com . It's obviously not doing the trick. What I need to know is how to fix the problem. Will a better, more robust script do? Does he need to get a dedicated IP and go with SSL? What's the solution to fighting off this arrogant hacker?

Your advice is highly appreciated.

Vito

 

 

 

 

Top