On 22 August 2012 12:00, David Lyon <david.lyon.preissh...@gmail.com> wrote:
> I have a customer with a hacked website. > > When I ftp'd to their web-server I found this wart (listed below - saved as > brut.php): > > How did the hacker put it on my system ? What could it have comprimised ? > What > can I do to stop further consequences? > > Reset any management/admin passwords to be safe. Make sure everything running on the server is up to date - OS, DB, Apache etc. Get rid of FTP, use SCP and fail2ban. -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html