I just noticed that one of my php sites was hacked. The hacker added some invisible links to the bottom of the homepage. This is funny as site doesn't use a sql database.

I guess I'll change my file permissions to 444.

Any other suggestions?