hacked Backdoor.PHP.Rst.ap

[Xagone]

one of my clients website baker install has been hacked with Backdoor.PHP.Rst.ap
the file was placed in templates
I dont know much about this backdoor, I will try to see if a vulnerability in WSB is at fault or the server, if it's WSB I'll let you know

in the mean while, if somebody know something about this, you can help

[Waldschwein]

Hmm, it could be anything. The best is to search in your server logs, and look where, when and so on they put this file.
Here is (an old) thread: http://forums.invisionize.com/Hacked-t104276.html

If you search "websitebaker" with google blogsearch you'll see an CSRF hack, but it's a bit more complicated to explain how that's working and I doubt it has to do with Backdoor.PHP.Rst.ap ...

Yours Michael

[Xagone]

this backdoor has to be installed in a template to work, but I think the hacker dont know wsb, it install itself as if it was a joomla or a wordpress in templates, so wsb is not as evident in this site (admin has been cache, displaced and secured)