How to replace malicious PHP pages with sneaky POST data capture

Whenever I've had the task of personally assisting someone with remediating a compromised web server, I can't help switching into researcher mode.  I want to know how the attack has happened, and of course to stop it from happening again, but I'm always intrigued by what the attacker is trying to achieve - and it isn't always … Continue reading How to replace malicious PHP pages with sneaky POST data capture