Who needs a better mousetrap when the old one is fine?

That was the approach of hackers who recently compromised a server running open source e-commerce platform Magento. To guard against the possibility of being locked out of the server should the rightful operators ever discover the breach, the attackers left behind a simple but effective script.

To the naked eye, the script was easy to miss amid countless other Magento files. Examining the code inside, however, revealed that it was a backdoor that was activated by sending the server a simple and innocuous-looking Web request. With that, an attacker who otherwise might have been booted out of the server could instantly become a server administrator with unfettered control of the system.