Epsy has just posted this:


         YiiMP was hacked by a new very serious method involving IRC bots and PHP files creation.

         Most known (and less known pools) were withdrawed in one hour after installing a yii php
         interface to their IRC network (a php irc client).

         Banning IRC port on your server is the first thing to do (6667) but you also need to prevent
         any .php file execution (except the required index.php) on your web server.

         Both nginx and lighttpd were vulnerable, but the location of the php client was different
         regarding servers.