30 Dec
2012
30 Dec
'12
11:41 p.m.
Andy said:
Upon further investigation it appeared that around
30th November one
of the site's legitimate Wordpress admins had logged in from an
unexpected place (a Tor exit node) and had uploaded a PHP file which
appeared to enable full filesystem traversal, downloading of file
content, shell command execution as Apache user, etc.
Is this something that was uploaded to the WordPress wp-content/upload
directories or as a plugin / theme?
Ian