#PHP injection

Someone a phpinjected into our server and defaced it.

due to the security nature, Let me know if I should post his direct method here. if not, pls do contact me so I can transfer the information.
is this on the radar?

as of current there are no known security issues. if you feel you have found one and are able to reproduce it on a stock panel, check the github for how to report it.

well, I had someone else look at it, I am not nearly at that tech level.

then direct what i said to them.

99% sure pterodactyl at its stock code is not going to be the issue

issues start with modified code / ""someone else"" touching your panel / other software

as far as I know we have not changed much.

"much" - sounds like you have a lot of digging to do

he said that he can't phpinject himself, so won't be able to test it.

then there is nothing to investigate.

you are reporting something that likely is a security issue on your own system

we need reproducible steps, otherwise we cannot know what happened.