[development] Fully patched site hacked and cloaked

Sam Tresler sam at treslerdesigns.com
Wed Jan 27 19:00:11 UTC 2010

Is that possible with an up to date .htaccess?

On Jan 27, 2010, at 1:57 PM, Jeff Greenberg wrote:

> On 1/27/2010 12:43 PM, Matt Chapman wrote:
>> Also FTR, I've seen a similar (but not quite identical) sort of  
>> attack
>> on a xcart installation on another host.
> I've seen the osc / xcart attack. They created a subdirectory in the  
> image directory... /yahoo ... and put an index.php file in it. The  
> file checked the query string for a value. If it wasn't there, it  
> would simply display an osc heading. If the value was there, it  
> grabbed a base64 value from the query string, decoded it, and called  
> eval against it.

More information about the development mailing list