Well, this just keeps getting more and more interesting....
Reported the hacking to my ISP this morning and to be fair to them they have been very thorough in their investigations...
What they have found out is this.
1. The damage was done via FTP not DNN
2. The hacker connected using the correct username and password first time. Not a brute force attack.
3. The hacker connected to the server from MY LAPTOP!!!! at 8.27am this morning - IP Address has been confirmed.
4. I had my Windows & Router firewall switched off.
So, Ok, yes I am an idiot. I had been working yesterday on getting my SlingBox working for external access and forgot to switch them back on.
Notwithstanding this, how the hell did he get onto my PC and get hold of my FTP username and password?? The only place I can think this is stored is within Site Settings of Dreamweaver. I know I had my firewall switched off but I am running a laptop with all the latest patches and Hot Fixes, so there must be a hole in XP somewhere that this guy has managed to find. Obviously usually hidden by the firewall.
I'm no security expert, as you can see by me leaving my firewall off, but this seems a very clever attack. He must have found my external router, managed to get onto my internal wireless network, find my laptop, get control of it, find my username & password, decrypt it from Dreamweaver and then launch from my laptop to the ISP server. Not a small task.
Anyway, I've certainly learnt a few lessons today.
Hope this story might help someone in the future!
Trev