On Fri, Apr 18, 2008 at 2:59 PM, Jim Lucas <lists@xxxxxxxxx> wrote:
> in the example code above that is injected into the top of the php scripts,
> the eval is evaluating the code that is read from the temp file, the temp
> file is never moved or renamed. Therefore it will be removed when the
> script is done.

Looking at the first post:

On Wed, Apr 16, 2008 at 12:13 PM, Al <news@xxxxxxxxxxxxx> wrote:
> The hack places this file in
> numerous dirs on the site, I assume using a php script because the owner is
> "nobody".

From my understanding this means a stand-alone file is written out by a
compromised means. If something else has been said I missed it along the way! :)

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php