On 20 December 2012 09:11, Jason Irwin <span dir="ltr"><<a href="mailto:jasonirwin73@gmail.com" target="_blank">jasonirwin73@gmail.com</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">On 20/12/12 00:22, Martin wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Comments and observations welcomed. Sorry for any problems caused by the<br>
scumbag infiltrators.<br>
</blockquote></div>
I would try and identify the payload (it's probably a known Wordpress/Apache/PHP/Whatver exploit).  That would hopefully give you more clues on how they got in, what to look for and how to prevent it in the future.<br>

<br>
"auth.php" sounds like some kind of log-in page.  So did someone upload that, navigate to it and then use it to break open the site?<span class="HOEnZb"><font color="#888888"><br>
<br>
-- <br>
Jason Irwin</font></span><div class="HOEnZb"><div class="h5"><br>
<br>
______________________________<u></u>_________________<br>
Nottingham mailing list<br>
<a href="mailto:Nottingham@mailman.lug.org.uk" target="_blank">Nottingham@mailman.lug.org.uk</a><br>
<a href="https://mailman.lug.org.uk/mailman/listinfo/nottingham" target="_blank">https://mailman.lug.org.uk/<u></u>mailman/listinfo/nottingham</a><br>
</div></div></blockquote></div><span style="color:rgb(34,34,34);font-size:13px;background-color:rgb(255,255,255);font-family:arial,sans-serif"><div><span style="color:rgb(34,34,34);font-size:13px;background-color:rgb(255,255,255);font-family:arial,sans-serif"><br>
</span></div>Sounds like a case for some carefully sandboxed testing... Care to</span><br style="color:rgb(34,34,34);font-size:13px;background-color:rgb(255,255,255);font-family:arial,sans-serif"><span style="color:rgb(34,34,34);font-size:13px;background-color:rgb(255,255,255);font-family:arial,sans-serif">post the offending file for analysis?</span><br style="color:rgb(34,34,34);background-color:rgb(255,255,255)">
<div class="gmail_extra" style="color:rgb(34,34,34);background-color:rgb(255,255,255)"><br></div>