Hi,<br><br>Either - weak / default admin password of the CMS (Drupal, Joomla, etc) - trivial<br><br>Or - SQL injection attack that also exploits the CMS - more complex<br><br>Kind regards,<br>Bernard<br><br><div class="gmail_quote">
On Thu, Dec 1, 2011 at 9:13 PM, Muhile Abdulaziz <span dir="ltr">&lt;<a href="mailto:abdulaziz.muhile@gmail.com">abdulaziz.muhile@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Have a client that has a website that is hacked<div><br></div><div><a href="http://www.mkombozibank.com" target="_blank">www.mkombozibank.com</a></div><div> the hack message is <span style="font-family:&#39;Lucida Grande&#39;,Lucida,Verdana,sans-serif,&#39;Avenir LT 45 Book&#39;;font-size:12px;background-color:rgb(255,255,255)">1923TURK-GRUP HACKED bySeRDaR</span></div>

<div><font face="&#39;Lucida Grande&#39;, Lucida, Verdana, sans-serif, &#39;Avenir LT 45 Book&#39;"><span style="font-size:12px"><br></span></font></div><div><font face="&#39;Lucida Grande&#39;, Lucida, Verdana, sans-serif, &#39;Avenir LT 45 Book&#39;"><span style="font-size:12px">please advice how this happened, is it the server or the site itself</span></font></div>
<span class="HOEnZb"><font color="#888888">
<div><font face="&#39;Lucida Grande&#39;, Lucida, Verdana, sans-serif, &#39;Avenir LT 45 Book&#39;"><span style="font-size:12px"><br></span></font></div><div><font face="&#39;Lucida Grande&#39;, Lucida, Verdana, sans-serif, &#39;Avenir LT 45 Book&#39;"><span style="font-size:12px"><br>

</span></font></div><div><font face="&#39;Lucida Grande&#39;, Lucida, Verdana, sans-serif, &#39;Avenir LT 45 Book&#39;"><span style="font-size:12px"><br clear="all"></span></font><div>
<br></div>-- <br>regards<br><br>AA.Muhile Abdul<br>Title:  Creative  <br><br><b>Address</b><br>Plot 145, Kijitonyama Area,<br>P.O.Box 71387<br>Dar es Salaam<br>Tanzania<br>Cell: <a href="tel:%2B255%20783%20018998" value="+255783018998" target="_blank">+255 783 018998</a><br>
<br>
</div>
</font></span><br>_______________________________________________<br>
Skunkworks mailing list<br>
<a href="mailto:Skunkworks@lists.my.co.ke">Skunkworks@lists.my.co.ke</a><br>
------------<br>
List info, subscribe/unsubscribe<br>
<a href="http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks" target="_blank">http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks</a><br>
------------<br>
<br>
Skunkworks Rules<br>
<a href="http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94" target="_blank">http://my.co.ke/phpbb/viewtopic.php?f=24&amp;t=94</a><br>
------------<br>
Other services @ <a href="http://my.co.ke" target="_blank">http://my.co.ke</a><br></blockquote></div><br>