|
|
|
|
|
|
by pjungwir
4723 days ago
|
|
|
Exactly. The attacker-added PHP code to run preg_replace is still there. But it does look quite innocuous! This really points to why when compromised you need to wipe the box and start over from scratch, not assume you can find all the backdoors by auditing the filesystem. |
|
|