The Security Check Pro info module shows all as ok. However I find that I have 43 rogue articles in the root of my site authored by "none" between January 4 and 22. Where could the vulnerability be, and how can I monitor this?
Is the malware scanner configured to analyze the entire filesystem (Global configuration -> Malware scan tab -> Timeline = any date) and to look also for suspicious patterns (Global configuration -> Malware scan tab -> Deep scan = enabled)?
Does the site have user interaction (for instance, allows user's registration) or is an "static" page? I ask you this because for sites with low user interaction I developed the
prevents unauthorized changes
The "Lock tables" feature must be enabled from main panel:
With this feature no articles should be added even if there is a backddor or someone has acees to the database. Please, check if it's enabled; if so and you get more messages I fear I would have to look for malware in the site, but this have a fee.