Hello,
Following the question[1] as put by a reader on my blog post regarding
qualitevolaille.mu, the website could have most probably been compromised
using a vulnerability in an unpatched CMS (Drupal in this case). Other
security flaws could have contributed. However, I cannot elaborate without
a proper analysis of the log files.
So far, a naked-eye observation would only prompt me to say a "webshell"
was uploaded on qualitevolaille.mu by exploiting some vulnerability on the
website.
A "webshell" is a remote access tool (RAT) that can be used to execute
commands server-side, run scripts, and create/delete/upload files on the
webserver.
[1] http://hacklog.in/another-mu-website-hacked/#comment-1958917058
Regards,
--
Ish Sookun
- Geek by birth, Linux by choice.
- I blog at HACKLOG.in.
https://twitter.com/IshSookun ^^ Do you tweet?
Received on Sat Apr 11 2015 - 18:27:44 PST