Quote:
Originally Posted by nico-t
How do I prevent this? I've got CT on a test site so it doesn't matter how, it's not yet hacked. What files do I have to change from 777 to something else when I want to prevent it?
I don't know HOW exactly they came in through ComusThumbs, but once in, the backdoor file starts to create multiple backdoors in other folders of your server, no matter which domain, and starts infecting writable files (777 and i.e. 666) with some malicious JavaScript.
So if you REALLY intend to keep your copy of CT you should at least ensure that NO files on your server are writable by the user "nobody", and maybe block the IP I've mentioned earlier in this thread from accessing your server.
Oh, and search for the strings given in this thread with grep, maybe you're already infected and just didn't recognize it by now...
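The checks suggested in the post above, as an added example that is not part of the original thread: a small POSIX shell helper that lists world-writable files and directories (777, 666 and similar) under a web root, removes the world-write bit, and lists files containing a marker string. The function names, the web root argument and the marker are assumptions; the actual strings to search for are the ones given elsewhere in the thread and are not reproduced here.

```shell
#!/bin/sh
# Added example: audit a web root for files the web server account could modify.
# All names here are hypothetical; pass your own web root as the first argument.

# List regular files and directories with the "other" write bit set.
# -perm -0002 matches 777, 666, 757, 646, ... Symlinks are skipped because
# their own mode bits do not control access to the target.
list_world_writable() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 -print 2>/dev/null | sort
}

# Remove only the world-write bit and leave owner/group bits untouched.
# Upload directories that must stay writable should be handled separately
# (for example by owner or group permission instead of mode 777).
strip_world_write() {
    find "$1" -xdev \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# List files under a directory that contain a fixed marker string.
# -F treats the marker literally, so characters such as ( or . in an
# injected snippet are not interpreted as a regular expression.
files_containing() {
    grep -rlF -- "$2" "$1" 2>/dev/null | sort
}

# Stand-alone use: ./audit.sh /path/to/webroot ['marker string from the thread']
if [ "$#" -ge 1 ]; then
    echo "World-writable entries under $1:"
    list_world_writable "$1"
    if [ "$#" -ge 2 ]; then
        echo "Files containing the marker:"
        files_containing "$1" "$2"
    fi
fi
```

Run the listing first and review it before calling `strip_world_write`, since some applications expect specific directories to be writable by the web server account.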