My proposal to resolve your website's security is a two-pronged approach:
1. Hardening of the Operating System and Web Server
2. Security evaluation of the Web Application itself
The first approach helps reduce the risk of system compromise by ensuring that host-level security is tightened. Generally, a hacker will leverage existing tools from your web server upon entry to gain further control over your site.
The second approach looks closely at the Web Application that represents your actual website, looking for flaws such as SQL Injection, Permission-based issues, information leaks and other attacks, all of which a hacker uses to gain a "foot in the door" to your server.
The usage of days is as follows:
Day 0 - 1: Initial discussion with yourself about previous hack, and to harden Web Server and Operating System
Day 1 - 2: Evaluate system + web server logs to determine likely point of previous hacker entry
Day 3 - 6: Evaluate web application for security flaws
Day 7: Implement final fixes and provide basic report on flaws and system changes.
Requirements:
* Discussion with yourself about the previous hack to establish hacker behaviour
* 'root' / Administrator access to Web Server
Progress Updates:
* Daily Updates via e-mail
* IM Access to myself during the course of the work
Change Control:
* Changes will not be made to the system without authorisation from yourself, and reasons why I aim to implement changes will also be documented and sent via e-mail for your confirmation
I look forward to being able to work with you on this Freelancer project, I do understand that my profile is new on the website, however if there are any questions or concerns, please grant me the opportunity to address these with you so we may work together in resolving the Security issues you have experienced.