
I'm on shared hosting, and today I discovered there are some backdoor scripts in .htaccess and a PHP file.

So I went to check via FTP, but I cannot edit or delete them.

So I checked with DirectAdmin: the file permission (GUID, UID) is set by APACHE,

while the rest of the files are set by my username.

So my question now is: did the trojan that did this originate from my computer or from the host side?

1 Answer

When the web server writes out a file, it has the UID and primary GID that the web server is running under. As for whose fault this is... it's hard to tell. If the permissions of anything were set to 0777 then it's quite possible that a hole in a script was exploited to write it out.

As for getting rid of it, if you're the owner of the directory it's in then you can rm it, otherwise you'll have to ask the hosting company to get rid of it.

Ignacio Vazquez-Abrams
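
A check that follows from the answer above, as an added example that is not part of the original answer: it walks a document root and lists entries whose owner is not your account (such as files written out by the web server) and entries that are world-writable (such as mode 0777). The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_docroot(root, owner_uid):
    """Walk root; return (foreign, world_writable) lists of relative paths.

    foreign: entries whose UID differs from owner_uid (for example, files
             written out by the web server process).
    world_writable: entries with the o+w bit set, such as mode 0777.
    """
    foreign, world_writable = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # lstat: do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue                 # symlink mode bits are not meaningful
            rel = os.path.relpath(path, root)
            if st.st_uid != owner_uid:
                foreign.append(rel)
            if st.st_mode & stat.S_IWOTH:
                world_writable.append(rel)
    return sorted(foreign), sorted(world_writable)

def build_sample_tree():
    """Constructed sample docroot: one 0777 directory, one normal file."""
    root = tempfile.mkdtemp(prefix="docroot-")
    uploads = os.path.join(root, "uploads")
    os.mkdir(uploads)
    os.chmod(uploads, 0o777)             # explicit chmod, not subject to umask
    index = os.path.join(root, "index.php")
    with open(index, "w") as fh:
        fh.write("<?php echo 'hello'; ?>\n")
    os.chmod(index, 0o644)
    return root

if __name__ == "__main__":
    import sys
    # Pass your document root as the first argument; otherwise use the sample.
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    foreign, ww = audit_docroot(root, os.getuid())
    for rel in foreign:
        print("not owned by you:", rel)
    for rel in ww:
        print("world-writable:  ", rel)
```

Entries reported as not owned by you that sit inside a directory you own are the ones you can remove yourself; the rest need the hosting company.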