

Unobfuscating and Attack - a look into an evil PHP script - alanpca
http://alanp.ca/blog/2010/07/13/unobfuscating-an-attack/

======
jtagen
Seriously? Who allows uploads to a web-accessible directory with execution
enabled?

There are so many options that can be transparently used to protect against
this without randomly searching for uploaded web scripts.

~~~
alanpca
It was uploaded through a client account via sftp, not injected into the
actual directory by any other means. I think that's outlined in the post.

