Hi
Do you have a known clean backup you can revert to ?
I would really suggest taking the site down until you know exactly what has been compromised.
It sounds like the exploit may have been in apache, php or ftp.
From what i have read, it seems that the backdoor may allow one to get a remote shell on the target machine. It's classed as a severe exploit.
I moved it to this subforum to get some eyes on it for you.
First of all, check out this site and check your php security settings.
http://phpsec.org/projects/phpsecinfo/
FTP is insecure. Consider SFTP instead. Any reason you must use FTP ?
What security have you added to lock down the box ?
Kind regards
Bookmarks