30 Dec
2012
30 Dec
'12
11:47 p.m.
Hello,
On Sun, Dec 30, 2012 at 11:41:34PM +0000, Ian wrote:
Andy said:
It was uploaded as a plugin.
Cheers,
Andy
--
http://bitfolk.com/ -- No-nonsense VPS hosting
Upon further investigation it appeared that around
30th November one
of the site's legitimate Wordpress admins had logged in from an
unexpected place (a Tor exit node) and had uploaded a PHP file which
appeared to enable full filesystem traversal, downloading of file
content, shell command execution as Apache user, etc.
Is this something that was uploaded to the WordPress
wp-content/upload directories or as a plugin / theme?