Yesterday someone upload a file to my site, checking the source of the php file I can cheked that is something like a shell, I notice that something goes wrong when the pictures mark the error 404 and check by ftp and the files was in the folders, so i try to re upload the image and the system tell me that the extension its no permitted, so I went to the Control Panel and check the options and I saw that the extension options was changed to only permit to upload PHP files extension!!!
How did he do that!?!?!
I can believe that someone upload a file modifiying something in the upload code like a sql injection, BUT how did he changed the option to permit to upload php files!!!
is there something to prevent such kind of exploits?!?!?!?!?!
thanks for your help!!!