On Feb 24, 2012, at 1:07 PM, David Mintz wrote:
> Unfortunately I do not know how this happened; don't know if there is a huge
> vulnerability in one of the apps up there that was exploited, or if it was an
> inside job, or what.
Our company wordpress blog was compromised a few months ago due to a
vulnerability in the "timthumb.php" image resizing script in one of the themes.
http://www.terranetwork.net/blog/2011/08/new-vulnerability-in-many-wordpress-themes/
The hackers uploaded a couple files that trick the server by starting with a
gif signature but then have php code in them. Those files than open a backdoor
that allows for additional scripts to be uploaded that essentially give shell
access to the compromised machine. In our case, the rest of the machine was
locked down enough that no harm was done.
Anyway, that might be something to look for. Good luck.
-Rob
_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
http://www.nyphp.org/show-participation
