(Niko, I know it's not really the place, but I think users can definitely benefit from it in terms of what to be on the lookout for, and I think most would have NFI at what some look like, so I'm sure you don't mind.)
See the 2 attached files. What are they? Well, look at the URL and file extension: they are merely a script (sophisticated enough, mind you, and for many reasons it will go completely undetected by clam scan, rkhunter, chkroot, mod sec, config server exploit scanner; they are the ones we tested, I'm guessing many more; its operation is quite clever). If you set up properly, SuPHP will stop it migrating to other accounts on your server, if you know what you're doing, that is. If you don't, reading Niko's article "777: The number of the beast" would be of benefit; it's a great read.
1. A new client came to us, on a dedicated box, with about 200 Joomla sites and 300-odd WP sites. Problem was they were having trouble updating some. Decent setup, all server-side updates etc. etc.
2. 10 mins later we came across that nasty little script, by chance. Unrelated to the WP issue, oddly enough.
3. For those for whom it ain't obvious: the script, executed from the browser, publicly, pulls the equivalent access to do anything you could do from cPanel's file manager. Edit, delete, upload, basically anything.
Moral to the story: make up your own mind on how seriously you should take things, and hosts in particular ;)