Does anyone know yet exactly where/how this exploit starts? Is it the missing code in functions_portal.php?
I want to make sure that before I bring stuff back up it really is fixed.
As it is my provider has shut my site down as they had uploaded several trojans and were using my server as a point o launch other attacks.
backdoors to look for are:
Ronin
dc
bindtty
tomorrow is going to be a long day