You are 100% correct. An ssh account was compromised that had access to the files. Guessing the attacker did a locate *.exe and found a few in the compilations area to replace with his/hers. So it wasn't our upload system that was compromised it was our secondary file server.
Last edited by Dolby : 12-02-07 at 06:39 PM.
|