-
- 1 Posts
We had a website developed for us by an external company then placed on a shared web hosting solution with 1and1 which got hacked yesterday. It seems someone had exploited ./assets/snippets/reflect/snippet.reflect.php to run some malicious code which created a PayPal Phishing site on our server. To 1and1’s and PayPals credit they both notified us of the intrusion pretty quickly and disabled the suspect files.
I’ve read a lot about Register Globals having to be set to ’Off’ which was definately the case, so how else could the site be jeapordised?
My knowledge of PHP is extremely limited and unfortunately we cannot contact the original developers any more.
Any pointers in the right direction would be gratefully received.