Today, I found some unidentified users with administrator permission in the admin panel.
Our Magento is v1.9, hosted on BLUEHOST. The CS of BlueHost told me that we may have been hacked by someone who put some malware and malicious files on our website.
Now I cannot go to Magento Connect page. It shows 403 Forbidden in page title and "You don't have permission to access on this server." inside the page content.
Our technical support officer told me that the "install.php" file on our FTP server under the Public_HTML folder was modified by someone who changed some of the code.
What should I do now to solve the problem and prevent the hacking in the future?
Firstly, if you have a backup, make sure you wipe your slate clean and roll back to your backup to prevent any backdoors from remaining in your account.
You should also change all your passwords, especially your FTP passwords, and stop saving any passwords in your web browsers and FTP clients.
After that, make sure that all Security Patches are already applied to your Magento store:-
Finally, make sure that the themes and extensions that you use are secure and up to date.
Whatever JLHC suggested, you should do that. Apart from the things mentioned, do the following also.
1) Delete any suspicious files from the Magento root.
2) Do not use the default Magento admin path; change it to some custom name.
3) Instead of using FTP, use SFTP, which is more secure.
4) Block downloader on the production site.
5) Delete all the unnecessary Magento admin users as well as roles created.
6) Use two-factor authentication for the admin login or restrict admin login to particular IP addresses only.
7) Do not forget to apply all the security patches recently released by Magento.
8) Also, after rolling back to a backup version, apply proper file and directory permissions.
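
An added example (not from either answer or from Magento) for points 1 and 8 of the list above: a Python audit of a restored Magento 1 root that reports PHP files changed after a baseline time, PHP files under `media/` or `var/`, and world-writable paths. The extension list, the choice of data directories, the reason labels and the sample tree are assumptions made for illustration.

```python
import os
import stat
import sys
import tempfile
import time

PHP_EXT = {".php", ".phtml", ".php5", ".phar"}  # assumed list of executable extensions
DATA_DIRS = ("media", "var")  # Magento 1 upload/cache dirs; PHP there is unexpected

def audit_tree(root, baseline_epoch):
    """Return sorted (relative_path, reason) findings under a Magento root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink mode bits are not meaningful
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if stat.S_ISREG(st.st_mode) and os.path.splitext(name)[1].lower() in PHP_EXT:
                if st.st_mtime > baseline_epoch:
                    findings.append((rel, "php-modified-after-baseline"))
                if rel.split("/")[0] in DATA_DIRS:
                    findings.append((rel, "php-in-data-dir"))
    return sorted(findings)

def demo():
    """Audit a constructed sample tree (illustrative data, not from the page)."""
    old = time.time() - 30 * 86400
    sample = [("index.php", 0o644, old), ("install.php", 0o644, None),
              ("media/x.php", 0o644, old), ("var/session.txt", 0o666, old)]
    with tempfile.TemporaryDirectory() as root:
        for rel, mode, mtime in sample:
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            os.chmod(os.path.dirname(full), 0o755)
            with open(full, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(full, mode)
            if mtime is not None:
                os.utime(full, (mtime, mtime))
        return audit_tree(root, time.time() - 7 * 86400)

if __name__ == "__main__":
    # Usage: script.py <magento_root> <days>; with no arguments, runs the demo tree.
    if len(sys.argv) > 2:
        results = audit_tree(sys.argv[1], time.time() - float(sys.argv[2]) * 86400)
    else:
        results = demo()
    for path, reason in results:
        print(f"{reason:28} {path}")
```

Modification times can be reset by whoever changed the files, so a clean report is a reason to compare file hashes against the backup, not proof that the tree is untouched.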