[Nottingham] A Google Webmaster Scam?

Jason Irwin jasonirwin73 at gmail.com
Thu Dec 20 09:08:40 UTC 2012

On 20/12/12 00:22, Martin wrote:
> Comments and observations welcomed. Sorry for any problems caused by the
> scumbag infiltrators.
I would try and identify the payload (it's probably a known 
Wordpress/Apache/PHP/Whatver exploit).  That would hopefully give you 
more clues on how they got in, what to look for and how to prevent it in 
the future.

"auth.php" sounds like some kind of log-in page.  So did someone upload 
that, navigate to it and then use it to break open the site?

Jason Irwin

More information about the Nottingham mailing list