17 November 2009 at 5:57am
Looks like a drive by injection attack on your host, generally targeted at php files. This doesn't look like a specific Silverstripe problem. These jerks will hammer on sites until they get in, then find the first index looking file and append crap like the above to it.
1. Change your ftp/ssh/etc passwords immediately!
2. Stop reading step 2, you're supposed to be changing your passwords
3. You might want to start checking other files or sites you host there for similar attacks
17 November 2009 at 11:57am
Thanks Sam for the post and your email.
I have now added the .htaccess file under assets but test.php files is still visible.
Haven't upgraded yet to 2.3.3 that would most prob be why. Will get the upgrade happening and see how things work out.
17 November 2009 at 12:03pm
Fabie, it is a problem at your host in that someone that is not you has changed your site files, not a Silverstripe issue. Typically this means someone has stolen login credentials (FTP/ssh/etc) or someone has compromised the entire system at your hosting company (less likely).
Sam's suggestion would overwrite any compromised files, which is good. But you can bet whomever did it in the first place will be back.
If your clients have access to the site via FTP/ssh/etc you should change their passwords too, then upgrade. And don't let them store those passwords anywhere silly. Heck, one of their machines could have some malware that is passing credentials back to whomever did the injection in the first place.