Quote:
Originally Posted by sparek-3
The account that was hacked was probably running an old script, such as an old version of Wordpress or an old version of Joomla, which malicious users exploited to gain access.
Or the owner of this account has a virus/trojan/keylogger installed on their computer which is stealing their username and password and sending that information to hacker groups.
|
Yes. It most likely.
Seems that they hacked about 50 websites with those scripts.
It is unbelievable how many things you can do with php running in suphp, with open_basedir in effect and other security.
It's like having no security at all.