On Wed, Jan 30, 2013 at 4:22 PM, Michael Petch
<address@hidden> wrote:
On 2013-01-30 08:17, Michael Petch wrote:
>
> It must have been done in the past 16 hours, I don't seem to recall
> issues yesterday when I was on the site. I just woke up, glad you got it
> cleaned. Thanks. Do we know the weakness that was exploited to gain access?
>
I guess it is a Nucleus attack if it was PHP injection.
Something like that. I've cleaned out the shit, and I think it works agian, but I guess the PHP injection hole is still there. I can check the access logs and the other logs I got. The attack was performed yesterday.
Thnaks to Louis for reorting this in the first place.
-Øystein