Quote:
Originally Posted by Blackcrow
The problem is NATS and ElevatedX both use eval so it cant be disabled for most webmasters. The best I can tell this hacker has 2 modes of operation; he either breaks into the nats admin and uses the templates (or upload documents) to inject code or he uses outdated versions of myphpadmin. You should have IP access turned on for NATS and IP restriction on your myphpadmin install.
|
We have seen more exploits with people running phpmyadmin than anything else. People really need to lock these down better with htaccess.