[Nottingham] A Google Webmaster Scam?

[Jason Irwin]

On 20/12/12 00:22, Martin wrote:
> Comments and observations welcomed. Sorry for any problems caused by the
> scumbag infiltrators.
I would try and identify the payload (it's probably a known 
Wordpress/Apache/PHP/Whatver exploit).  That would hopefully give you 
more clues on how they got in, what to look for and how to prevent it in 
the future.

"auth.php" sounds like some kind of log-in page.  So did someone upload 
that, navigate to it and then use it to break open the site?

-- 
Jason Irwin