Feb 13 2008, 07:01 PM | Post #1
the Q | Group: [HOSTED] | Posts: 1,053 | Joined: 13-July 05 | From: Lithuania, Vilnius | Member No.: 7,059
I just found this site: asta-killer dot com
and as you can see, it's a copy of my index on astahost: http://qzone.astahost.com

The strange thing is that when you enter something like asta-killer dot .com/list/, a directory or file which doesn't exist, you get an error, but the error is from my PHP script on astahost. So that means that the index file isn't only copied HTML, but they also somehow got my PHP source? What the hell is that? Then OK, I thought it is a remote thing, but it's impossible on my account to get such an error at all, because the file exists and it is included on any error. So somebody hacked my account on Astahost in a quite easy way? Got the PHP source and the .htaccess file, since that error could only be evaluated through my .htaccess file: ErrorDocument 404 /e.do?error=404 but the file which can't be found is not in the public_html dir, so what the hell is that? I just found it through Google. Any ideas? It also can't include the file through PHP, because I think it has my absolute path.

Notice from OpaQue (Administrator):
Please choose Title and Description carefully.
Title: The Title should be descriptive and should summarize your entire post.
Description: The description should be used to add further details/information about your post.
Thank you.

Feb 13 2008, 10:02 PM | Post #2
Super Member | Group: Members | Posts: 510 | Joined: 29-September 06 | Member No.: 16,228
If the PHP daemon can read it, other people on the server can read it. It's more likely to be an .htaccess on their website, copying each request to your website.
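
An added example, not part of the thread or any poster's code: one way to check the relay explanation in post #2 from the original site's own access log. It assumes Apache "combined" log format and that the copying site passes visitors' User-Agent and Referer headers through unchanged; the log lines, thresholds and the name mirror.example are constructed placeholders.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "user-agent"
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
                  r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')
OWN_HOSTS = {"qzone.astahost.com"}  # the site's own host name, taken from the thread

# Constructed sample log; IPs are documentation ranges, mirror.example is a placeholder.
SAMPLE_LOG = """\
192.0.2.10 - - [13/Feb/2008:19:01:00 +0000] "GET / HTTP/1.1" 200 5120 "http://mirror.example/" "Mozilla/5.0 (Windows; U) Firefox/2.0"
192.0.2.10 - - [13/Feb/2008:19:01:04 +0000] "GET /list/ HTTP/1.1" 404 312 "http://mirror.example/" "Opera/9.25 (Windows NT 5.1)"
192.0.2.10 - - [13/Feb/2008:19:01:09 +0000] "GET /style.css HTTP/1.1" 200 900 "http://mirror.example/list/" "Mozilla/4.0 (compatible; MSIE 7.0)"
198.51.100.7 - - [13/Feb/2008:19:02:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; U) Firefox/2.0"
198.51.100.7 - - [13/Feb/2008:19:02:01 +0000] "GET /style.css HTTP/1.1" 200 900 "http://qzone.astahost.com/" "Mozilla/5.0 (X11; U) Firefox/2.0"
203.0.113.5 - - [13/Feb/2008:19:03:00 +0000] "GET / HTTP/1.1" 200 5120 "http://www.google.com/search?q=qzone" "Mozilla/4.0 (compatible; MSIE 6.0)"
""".splitlines()

def referer_host(referer):
    """Host part of a Referer URL, or None for "-" and other non-URLs."""
    m = re.match(r"https?://([^/:]+)", referer)
    return m.group(1).lower() if m else None

def suspected_relays(lines, min_requests=3, min_agents=3):
    """Flag client IPs that present many browser identities plus off-site Referers."""
    stats = defaultdict(lambda: {"requests": 0, "agents": set(), "foreign": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        s = stats[m["ip"]]
        s["requests"] += 1
        s["agents"].add(m["ua"])
        host = referer_host(m["ref"])
        if host and host not in OWN_HOSTS:
            s["foreign"].add(host)
    return {
        ip: {"requests": s["requests"], "agents": len(s["agents"]),
             "foreign_referers": sorted(s["foreign"])}
        for ip, s in stats.items()
        if s["requests"] >= min_requests and len(s["agents"]) >= min_agents and s["foreign"]
    }

if __name__ == "__main__":
    for ip, info in suspected_relays(SAMPLE_LOG).items():
        print(ip, info)
```

A flagged address is a lead to verify, since a shared NAT gateway or corporate proxy also sends many browser identities from one IP; the off-site Referer host is what ties it to a copy of the site.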

Feb 13 2008, 10:22 PM | Post #3
the Q | Group: [HOSTED] | Posts: 1,053 | Joined: 13-July 05 | From: Lithuania, Vilnius | Member No.: 7,059
So what can I do about it to prevent this kind of stuff?

Feb 14 2008, 10:53 AM | Post #4
Way Out Of Control - You need a life :) | Group: [MODERATOR] | Posts: 2,042 | Joined: 16-August 05 | Member No.: 7,896
Just a funny suggestion: if you could suffer a downtime for your official site, I would try temporarily renaming your main folders (for instance rename "forum" to "rename_to_forum") and see what would happen to the pirated site.
Another thing would be to chown and chmod the PHP files (chmod go-r) in order to prevent others from reading them. The last thing would be to password-protect the folders (that's done in .htaccess as far as I remember).
Good luck
Yordan

Feb 14 2008, 11:37 AM | Post #5
the Q | Group: [HOSTED] | Posts: 1,053 | Joined: 13-July 05 | From: Lithuania, Vilnius | Member No.: 7,059
To tell the truth, I've done many of those things: my main PHP files are not stored in the public_html folder, and I usually password-protect my data directories with a .htaccess file, but I do it from cPanel, which is the same if they are in public_html. I never put my passwords in a PHP file without some encryption which I write myself, and I store the passwords with a very good hash in a MySQL database if needed. I even give a MySQL user permission only to SELECT if I am not logged in as an Admin, which has a different user with UPDATE etc. rights.
The chmod thing would really be great, but what I always hate is that the FTP user and the PHP user on the same account are different users, and I usually use FTP to chmod and upload my files, or if I need to edit a file, I do it through FTP. So for different users chmod needs to be different; if only I could use FTP with the user of PHP, so that it wouldn't need to be 666 or 777 to write to, etc. You know what I mean. I just think about all those sites by newbies which aren't protected and how easy it can be to hack them.

Feb 14 2008, 01:45 PM | Post #6
Way Out Of Control - You need a life :) | Group: [MODERATOR] | Posts: 2,042 | Joined: 16-August 05 | Member No.: 7,896
"The chmod thing would really be great, but what I always hate is that the FTP user and the PHP user on the same account are different users, and I usually use FTP to chmod and upload my files, or if I need to edit a file, I do it through FTP. So for different users chmod needs to be different; if only I could use FTP with the user of PHP, so that it wouldn't need to be 666 or 777 to write to, etc. You know what I mean."

Sorry, I was thinking about the Unix command line, which is governed by the ssh access here at astahost. I can guess that you have no ssh access, so let's forget about the chmod thing.

Feb 14 2008, 02:59 PM | Post #7
Premium Member | Group: [HOSTED] | Posts: 393 | Joined: 9-March 07 | From: Tucson, AZ | Member No.: 20,794