Site hacked

Hi. I would appreciate some help and advice.
My site has been hacked twice in the last few days and each time it has been by placing a php file in the vbSEO_sitemap folder. This folder is chmoded to 777 as per the installation instructions.
I realise that it needs to have write access for the sitemap to be written but how on earth do I stop a hacker adding php files when that folder is wide open like that?

Both vB, vBSEO and vBSEO Sitemap are at the very latest versions on your site.

Any ideas and help?

Hello Dave,

The only one folder that needs to be chmoded to 777 is the "data/" folder (inside vbseo_sitemap/ folder), *not* the "vbseo_sitemap/" folder (it needs to keep permissions set to 755).

Sorry yes as soon as I posted that I wonderd this... I now can't be sure whether I did set that properly. So if I have the .htaccess file there and only set chmod 777 on the data directory it should be perfectly secure?

The htaccess file in the writable file stops direct script execution. Make sure it is in the /data/ folder correctly.

If you are not on apache, you will need to convert those rules to your web server system.