8
Yes, if you have an sysadmin and no root access, maybe there was a general 'prob' with the system conf. - look why are so BIG ISSUES about safe_mode for example etc. - too lazy yet to name it all.
But i've wriiten the 'Infection Group' just the minute a mail, because i'm really interested how they've achieved it, or what exploit they used.
But for me it seems to be, again, close to php-Nuke + Clones code exploits.
We will see what comes up to read on the sec. Boards
P.S: see the uids and ids of a currently hacked site:
uname -a; id
Linux ds217-115-141-113 2.4.10-4GB #1 Tue Sep 25 12:33:54 GMT 2001 i686 unknown
uid=0(root) gid=0(root) groups=0(root),1(bin),14(uucp),15(shadow),16(dialout),17(audio),65534(nogroup)
..cool =)~