[development] Fully patched site hacked and cloaked
Sam Tresler
sam at treslerdesigns.com
Wed Jan 27 19:00:11 UTC 2010
Is that possible with an up to date .htaccess?
On Jan 27, 2010, at 1:57 PM, Jeff Greenberg wrote:
> On 1/27/2010 12:43 PM, Matt Chapman wrote:
>> Also FTR, I've seen a similar (but not quite identical) sort of
>> attack
>> on a xcart installation on another host.
>>
> I've seen the osc / xcart attack. They created a subdirectory in the
> image directory... /yahoo ... and put an index.php file in it. The
> file checked the query string for a value. If it wasn't there, it
> would simply display an osc heading. If the value was there, it
> grabbed a base64 value from the query string, decoded it, and called
> eval against it.
More information about the development
mailing list