Everyone, Our website was cracked using the phpWebSite announce module. A file named nst.gif.php was uploaded to images/announce. I've removed the file and locked down that directory. Also, I changed our database password and hub_hash. I'm in the process of diffing the last mysqldump.
I'll keep everyone apprised of my progress. phpWebSite-0.10.0_exploit http://www.securityfocus.com/archive/1/391496/2005-02-21/2005-02-27/0 -- Mike Noyes <mhnoyes at users.sourceforge.net> http://sourceforge.net/users/mhnoyes/ SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ leaf-devel mailing list leaf-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-devel
