Author: Ian Date: To: Bitfolk Users Subject: Re: [bitfolk] Security incident: Wordpress compromise
Andy said:
> Upon further investigation it appeared that around 30th November one
> of the site's legitimate Wordpress admins had logged in from an
> unexpected place (a Tor exit node) and had uploaded a PHP file which
> appeared to enable full filesystem traversal, downloading of file
> content, shell command execution as Apache user, etc.
Is this something that was uploaded to the WordPress wp-content/upload
directories or as a plugin / theme?
