This wont happen to us as we dont keep important files and folders with 777 permission. I had sorted this problem for one of our customer and it was lil bit difficult for me to find out which php file was injected by the Kiddie's.
Finally I looked for the files which were included in the index page and one of the config files that was under includes was set 777 permission which allowed the Kid to inject his code at the bottom of the config file.
__________________
UK Web Hosting || Business Hosting || eUKhost Knowledgebase
Toll Free : 0808 262 0255 || MSN : mark @ eukhost.com || AIM : eukmark
A bunch of Sheep led by a Lion is better than a bunch of Lions led by a Sheep.
__________________________________________________
Great Opportunity :: Join our Affiliate Program for FREE and earn 20% commission on each referral.
|