Wondering what else I should check on my site.
D6 site, all latest security patches. Have captcha module enabled.
Cleaned out the site of dummy users but I am still getting them to appear on the site. Along with fake comments.
Both user registration and posting comments requires a captcha image verification, but somehow they are still appearing.
What other security methods should I be looking at, or other forms of vulnerabilities that I need to check, to see why they are still being made?
Before I patched with the security update I should mention that the index.php file was compromised somehow and was attempting to post some spam links on the page as part of the render.
No other files were changed and I have since flused the site with the files that are in the codebase (did a replacement of all files with those from GIT).
Site status shows no red flags (settings.php is protected etc.)