how to save my site from hacking ?

First of all, I would recommend to use linux as os. Never store your passwords in ftp client. Never use old windows without antivirus programs and updates.

Also sometimes your host can be completely hacked and all index pages of all sites changed.

First of all, I would recommend to use linux as os. Never store your passwords in ftp client. Never use old windows without antivirus programs and updates.

Also sometimes your host can be completely hacked and all index pages of all sites changed.

Hmm , this answer is enough? I am also looking for some useful & best suitable answer! Anyone please share your experience, it will be highly appreciated!

Well, first you need to know how the hacker got access to your site.

It could be trough your infected computer, a hacker could have tricked you into installing a trojan that captures keystrokes and collects all the info about your passwords and sites you visit.

It could also have happened trough a security hole on your site. you need to make sure you always install the latest updates of content management systems, and patch the security holes by reading about them.

If you are writing your own code, there are many security practices to prevent SQL injection and XSS attacks.

but my guess is that you had a infected system. I'd also advice not to use windows when dealing with sensitive information, like online banking and uploading files to your servers.

give us a link to your site so I can take a closer look.

Well the big thing is to keep any scripts you're running up to date. If you're running say wordpress it's a bad idea to be running 2.0 when say 2.3 is out. You can say yeah my site is small but the thing is bots go around looking for specific versions so really no one is safe. I can say this from experience with customers with sites that get 1 hit a week and then they get exploited to their surprise.

Update your server and other apps. Patch it whenever new updates are released. Make sure that your scripts and database are hardened. No flaws on the scripts or else you'll get hit with XSS or SQL Injection.

One thing which is most impotent for saving your site from the heck.is remove the black hole of the software or your website.when you are writing code for your site use core oops concept because when you use very advanced features of programing then chances of creating hole is increases.

PROTECT YOUR WEBSITE

Use Antivirus Software
Use Firewall
Use Anti Spyware Software
Use Online Website Scanner
Email Security
Software & plugins updates
Internet Security
Educate Yourself

Another good thing if it is a custom CMS is to keep any config files outside of the public.

So

/public/ - would have your css,images etc

/private/ - not open to the web has all of your config files and such, but no direct access to it from the web

Choose a web hosting service instead of a free host. Many times people are trying to save money and make the decision to get a free hosting service for their website. However, this can make them more vulnerable to hackers because these services are not as secure. A paid service will likely guarantee your security against hackers because they know this is a major threat to website owners. They will also probably offer some type of customers support that can answer your questions or concerns about preventing your site from being hacked.

if you see this file in your theme folder, thats how they did it
timthumb.php (or thumb.php)

just delete it, or if you really need automatic thumbs update it
code.google.com/p/timthumb/source/browse/trunk

There are many tools to protect website from hijackers.
Affiliate Diamond - The Easy Way To Protect Your Affiliate Commissions
HTML Encryptor -Protect Your Web Site From Internet Pirates
HTML Security Report - Protect Visitors Stealing From You
Download Page Protector - Stop Thieves Stealing Your Ebooks And Software Products are some tools.

Protect your site ....

Use safe hosting.
Antivirus
And main thing is use secure and best CMS for website.

@arthegame and @adarsh2k5,

The users @fellowgeek and @goosefrabah gave the two best answers thus far as far as the server goes. The other is how strong your hosting company is toward incoming hackers. Security of your site is an everyday event. You need software that will tell you you need an upgrade when one is available and keep it up-to-date, including themes and contributed modules. New hacks are discovered daily and those who want access to your site pay good money for applications that bombard you. Check your access and error logs of the server to find repeated values of the same IP address within the same second and block them but make sure you are not blocking a spider. Those in the error logs with 404 errors are usually the culprits trying to hack you.

If it's wordpress. move your config one level up, add index to your uploads folder, delete install and install helper and change prefix on tables. And of course have a strong password and something other than "admin" as your user name.

Something like that happened to me before..i got my index page replaced by some page saying i have been hacked. And i found out they hacked me through a file uploader form that existed on my site. It was supposed to be there for uploading images, but it didn't have any security, it was allowing all kind of files to be uploaded. So they uploaded some PHP files through which they replaced my index page :-) So, if you have forms with upload fields, make sure they are secured.

I wrote an article on another site on how to save your Wordpress website - cmshelplive.com/blog/item/97-wordpress-website-hacked.

Get a firewall

Many, if not most site defacements (that is what they call it when your website is change by a hacker) occur because of a vulnerability in your website's code, not a problem with passwords or network/server level holes.

Generally speaking, Wordpress and other content management systems are relatively secure (there is no such thing as a 100% secure website) , BUT only if you keep them updated and don't develop you own plugins/themes (at that point you are taking security into your own hands). Also, 3rd party plugins and other add-ons can introduce their own security problems.

Unfortunately, there is no one-shot way of making your website impervious to attacks. The key is keeping frequent backups, making sure everything is up-to-date, reading and implementing the security recommendations for whatever CMS/framework you are using, and not ticking off a real hacker. Script kiddies are easily foiled, a real hacker isn't.

If it is in the budget, you can invest in a website security monitoring tool/service, but those can get quite expensive.

The easiest way is to restore your site from a version that was saved prior to the site being hacked. If you do have the automated backup service, then you will need to restore your own backup of your website through the cPanel.