|How well do you know your server?|
So I sent a message their way. I seems this hack where done by accessing an upload that where not sanitized, giving the hackers the ability to run their own little php forum, advertising all sort of drugs for sale.
I thought I would do a quick check to see if any other municipal had employed the same flaws, or more accurately I was looking if any one else had fallen for the same type of hack .
That led me to a month old bug in Parallels H-Sphere and ProFTPD.
From a page being exploited by that bug; I found a very exact search phrase.
A way to good search phrase.
This lead me to overwhelming hits on .se even if the phrase could not legally be on that domain.
So at 3:am and on the notion that PDE5 inhibitors are advertised for sale on a Swedish political party "Moderaterna i europaparlementet" home page (amongst a gazillion others), I will go to sleep. PS: They have no IT contact listed, so I guess they will notice it when people start to complain over the products.