2012-04-01, 20:03:44
devaintfire Wrote:"The issue here is once the site is compromised and the hacker has control any number of files can be modified so the real issue is the compromise itself rather than what was done after."
Yes, exactly, but we would need evidence of WHAT was done BEFORE, log entries of the requests that CAUSED the problem.
devaintfire Wrote:"This appears to be the gallery plugin used by your site and I recommend updating the plugin from a known clean source such as the developers site to prevent this happening in the future."
So far I have not seen anything either pointing to GetSimple or any of the plugins used.
Updating won't help if there is a security hole in either of them. And if there isn't it does not explain how the files could be uploaded.