Quote:
|
Originally Posted by SinSational
the second issue was permissions. the customer had some script running with a file owned by apache.apache and 777. once we changed the permissions the javascript trojan went away, and the iframe insertion to uniqcontent went away as well.
contact me if you have any other questions.
|
Seriously tho.
It doesn't really matter if that file is 777 (some scripts really need that) most php writes that are not run through cgi.
The problem is with the script that allows an attacker to execute/upload on your server.