Re: Warning: Iframe based attacks using stolen FTP access info
The Ip for my attacker is 67.238.189.236 out of winter park FL.
They injected iframes into all index, home, default and auth files plus admin/main, admin/admin/main, /include/include/login.php and more.
Then he changed the config file to collect credit card #s, added his IP as an allowed administrator and then hid that page from me.
This person is very familiar with xcart.
__________________
4.1.11
|