12-19-2005, 01:26 PM
zagi
Confirmed User
 
Join Date: Jan 2004
Posts: 1,238
I'm a host myself and I'll take my chances here as to what happened, as I've seen this on one of my customer's servers.

The real culprit could be any combination of the following things:

Old PHP version allowing an easy code exploit
Poorly written PHP/CGI code that allowed an exploit
Error Reporting turned on providing critical info to the attacker to exploit your system

Chances are, no matter how good a sys admin or how great a host you get, you can still be affected by these things unless you build your sites from the ground up with security in mind, which almost no one ever does, as it greatly limits the suite of available applications.

For example, with PHP you must run with safe mode enabled, along with a slew of other options that will need to be enabled to ensure proper security. Mind you, though, a number of scripts will not run with safe mode turned on.

* As for the attack, they most likely overwrote your html/php files and inserted a few lines of code. All you need to do is get an experienced tech to write a script which will go through every file that has been affected on your system and remove the malicious lines of code.

Good Luck, as it's a serious Pain in the Ass!
__________________
Managed US/NL Hosting [Reality Check Network]
Dell XEON Servers + 1/2/3 TB Packages ICQ: 4-930-562
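A sketch of the kind of cleanup script the post describes, as an added example that is not part of the original post: it walks a web root, strips every line matching an injected-code signature from html/php files, and keeps a copy of each infected original. The signature, the `malicious.example` domain and all function names are constructed placeholders; the real pattern has to come from inspecting an affected file.

```python
import os
import re
import shutil
import tempfile

# Constructed placeholder signature; replace with the line found during triage.
INJECTED = re.compile(r"<iframe[^>]+src=[\"']?http://malicious\.example/", re.I)
WEB_EXTS = (".php", ".html", ".htm")

def clean_file(path, root, pattern, backup_dir):
    """Remove lines matching pattern from one file; return how many were removed."""
    # latin-1 with newline="" round-trips every byte, so untouched lines stay identical.
    with open(path, "r", encoding="latin-1", newline="") as fh:
        lines = fh.readlines()
    kept = [ln for ln in lines if not pattern.search(ln)]
    removed = len(lines) - len(kept)
    if removed:
        dest = os.path.join(backup_dir, os.path.relpath(path, root))
        os.makedirs(os.path.dirname(dest), exist_ok=True)
        shutil.copy2(path, dest)  # keep the infected original for later review
        with open(path, "w", encoding="latin-1", newline="") as fh:
            fh.writelines(kept)
    return removed

def clean_tree(root, pattern, backup_dir):
    """Clean every web file under root; return {relative path: lines removed}."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not name.lower().endswith(WEB_EXTS) or os.path.islink(path):
                continue  # only regular html/php files are rewritten
            n = clean_file(path, root, pattern, backup_dir)
            if n:
                report[os.path.relpath(path, root)] = n
    return report

def demo():
    """Build a constructed web root, clean it, return (report, cleaned index.php)."""
    root, backup = tempfile.mkdtemp(), tempfile.mkdtemp()  # backup lives outside root
    bad = '<iframe src="http://malicious.example/x" width=0 height=0></iframe>\n'
    samples = {"index.php": "<?php echo 'hi'; ?>\n" + bad + "</html>\n",
               "about.html": "<html>clean</html>\n", "notes.txt": bad}
    for name, text in samples.items():
        with open(os.path.join(root, name), "w", newline="") as fh:
            fh.write(text)
    report = clean_tree(root, INJECTED, backup)
    with open(os.path.join(root, "index.php"), newline="") as fh:
        return report, fh.read()
```

Because whole lines are dropped, diff each cleaned file against its backup copy before trusting the result, in case the injected code shared a line with legitimate markup.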