So, I’ve been dealing with a client’s hacked server for a few weeks now. I thought I’d cleaned it up a few weeks ago, but stumbled across some ‘symptoms’ of this hack. This lead me to dig a bit deeper, and I found this AMAZING write up of this particular attack by The Domestic Enthusiast. The article is here.
This hack will work on any PHP framework. So, if you are running up a straight up PHP site, Joomla, Drupal, or WordPress, check it out. It’ll save you hours cleaning up a mess.