One of my clients got hacked. As far as I can tell, it was rudimentary. They added a call to a remote script to the custom body.yaml file:
body_bottom: '##script code##'
Of course, there could be other changes that I couldn't find.
I don't know how they got access to do this. I don't think it was brute force. I do see several login attempts, but the Manage Users screen shows no one logging in on the day the file was modified.
Any suggestion on how to determine how they got in?
Regardless, I thought I'd let you know, in case there's some vulnerability in the template or Gantry. Like I said, I have no idea how to assess that, but I trust that your team does.
Thanks.