PHP Script Exploit - how to tell

Just a couple of questions: what does this mean:

the server was compromised due to some php script exploit hosted by some user. Due to the compromise we are now loading a fresh OS as there is no other way to 100% get rid of the exploits installed.
Unforutnely this is what happens when customers install scripts and do not maintain/update them, or they install already exploited scripts. This put everyone at risk.
How do we know which scripts are causing this? Is there a webiste or list that someone has made that lists all of these things, and if we install something from fantastio are we or are they at fault for not updating the script?

 

 

 

 

Top