From: Mike N. <mh...@us...> - 2005-02-25 19:36:38
|
Everyone, Our website was cracked using the phpWebSite announce module. A file named nst.gif.php was uploaded to images/announce. I've removed the file and locked down that directory. Also, I changed our database password and hub_hash. I'm in the process of diffing the last mysqldump. I'll keep everyone apprised of my progress. phpWebSite-0.10.0_exploit http://www.securityfocus.com/archive/1/391496/2005-02-21/2005-02-27/0 -- Mike Noyes <mhnoyes at users.sourceforge.net> http://sourceforge.net/users/mhnoyes/ SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs |