I'm really glad I found this site and have much reading to do.
I have many simple websites at 6 or 7 hosting companies (all shared servers).
1 seems to get hacked a lot by Remote File Inclusion.
Seems the hackers scoope out the sight several times before they actually implement code (per much time reviewing raw log files).
After getting all my sites hacked into about a year ago, I added these to my htaccess file and stopped all so far (yet I hate to block any ips):
deny from 78.129.
deny from 77.92.
deny from 212.175.170.
allow from all
This month I had another hack on the same "bad server" where I've traced all IP from the raw log files once again being compromised from many IPs yet major code being sent from 18.104.22.168 Kuala Lumpur, MY (Malaysia).
I'm aware that blocking IP blocks is not a good idea, yet find I would never have target viewing in these countries.
I've been thinking for 2 years now about moving 80+ domains from this server company yet I like the simple front end.
I'll share all knowledge I have on this subject and am fully open to suggestions!