The interesting thing is that the one who achieved access via some clever PHP exploitation of some outdated PHP scripts I had left up was someone who values knowledge and hacking for the hack value over childish vandalism of technology. I'm not denigrating political hacktivism, I'm all for that; I'm just saying this wasn't an exploit malware farm bot but an actual humanoid.
I know because of how I became aware of the hack: I received an email using PGP from the security researcher, who detailed the vulnerabilities exploited and also left an mp3 file in my root directory. They were anonymized fairly well, but I didn't want to pursue that angle at all due to the polite nature of this user.
I'm all for getting hacked like this, and hacking like this, as much as possible. It may appear on the surface to be a pain, but the net result of this attack is just that my server is now locked down to prevent that specific type of attack from happening again.
This hacker left an audio file in my root directory to prove that they attained full 100% ownership and control of my system. They had gained root access after elevating from the initial hack and then used ssh authorized keys to attain full console access without needing the password. It was a nice way to do that, and I enjoyed the unusual act of leaving an mp3, which I don't see often. Much nicer than those stupid txt files that malware bots have been leaving around as much as possible lately, plain text files that contain stupid text like "pro-isis hackers have owned your box" and also "anti-isis hackers have owned your box"... and French hackers, Russian hackers, Iran hackers, blah blah, so stupid. So old-school, but they don't realize it's old-school which is w (lol).
I put that mp3 online at http://gator.askapache.com/boom2.mp3. I'm not sure where it is from, but it reminds me of the audio files commonly embedded in cracking software, such as the one I grabbed out of a key cracker and put up at http://gator.askapache.com/a.mp3, which is actually a very sophisticated and tiny file (I made it large by stream ripping it).
Oh, and don't worry about analyzing the boom mp3. I re-encoded it after ripping from a raw stream, so it's not the actual file left in my root.

FAQ: My site was hacked on the WordPress codex.