2012-04-01, 19:33:10
Here's their latest effort :
"The timthumb script was pulled in after access had already been breached due to the compromised script which is the reason for the xo folder existing. A GET command (a type of http request) was then used to transfer data into your webspace;
GET /xo/ix-xyz-graph-paper//wp-content/themes/widescreen/includes/timthumb.php?
The issue here is once the site is compromised and the hacker has control any number of files can be modified so the real issue is the compromise itself rather than what was done after. This appears to be the gallery plugin used by your site and I recommend updating the plugin from a known clean source such as the developers site to prevent this happening in the future."
"The timthumb script was pulled in after access had already been breached due to the compromised script which is the reason for the xo folder existing. A GET command (a type of http request) was then used to transfer data into your webspace;
GET /xo/ix-xyz-graph-paper//wp-content/themes/widescreen/includes/timthumb.php?
The issue here is once the site is compromised and the hacker has control any number of files can be modified so the real issue is the compromise itself rather than what was done after. This appears to be the gallery plugin used by your site and I recommend updating the plugin from a known clean source such as the developers site to prevent this happening in the future."
djr.heliohost.org/me