So, after using a clients site as a lovely phishing centre, and code uploader and bull****, worked out that PHPList is the culprit.
There is a built in exploit in the code that pretty much opens a door.
http://www.suspekt.org/2009/02/06/some-facts-about-the-phplist-vulnerability-and-the-phpbbcom-hack/
So stop using PHPList!!!
There is a built in exploit in the code that pretty much opens a door.
http://www.suspekt.org/2009/02/06/some-facts-about-the-phplist-vulnerability-and-the-phpbbcom-hack/
So stop using PHPList!!!