Found a backdoor on my server
strato
Today I found a php file that had a .jpg extension on my server. The file was uploaded using a feature on my site that lets my users upload icons up to 10kb. The file also renames all uploaded icons from central.gif to central.gif1198108603
I'm wondering here. Do I have a security hole? Was that actually something to worry about?

Half a year ago, I found my index.php redirected to a warez site... I never found the cause, but it never happened again as well... I was running php 4 and mysql 4 at that time. Now they're both at ver. 5.
markcausa
Unfortunately, php files CAN be loaded using certain extensions, like GIF, etc. which are predefined in the php code. This could be something like a webshell, so be careful.
strato
That's scary. I feel a lot less secure after reading that! I'll try to get it sorted.

By the way, the file had this inside it
CODE
/*Emperor Hacking TEAM */

I can show you the code if you're interested. I'd like to know what exactly it did. lol.
Thanks for the reply.
eth00
As a shot in the dark it is probably either an IRC bot or some sort of webshell to give access to the system.
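An added example, not part of any post in this thread: a small Python scan of an upload directory that flags files which lack a GIF/JPEG/PNG signature or contain a PHP open tag, the pattern described above (PHP stored under an image name). The sample files and function names are constructed for illustration, and short `<?` tags are not covered.

```python
import os
import re
import tempfile

# Leading magic bytes of the image types an icon uploader would accept.
IMAGE_MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
}
PHP_TAG = re.compile(rb"<\?(?:php|=)", re.IGNORECASE)  # <?php and <?=

def sniff_image_type(head):
    """Return 'gif', 'jpeg' or 'png' based on content, or None."""
    for kind, signatures in IMAGE_MAGIC.items():
        if head.startswith(signatures):
            return kind
    return None

def inspect_upload(path):
    """Return the reasons a file is suspicious (empty list = looks fine)."""
    with open(path, "rb") as fh:
        data = fh.read()
    reasons = []
    if sniff_image_type(data[:16]) is None:
        reasons.append("no image signature")
    if PHP_TAG.search(data):  # catches code appended after a valid header too
        reasons.append("contains PHP open tag")
    return reasons

def scan_uploads(directory):
    """Check every file by content; the file name is never trusted."""
    findings = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            reasons = inspect_upload(os.path.join(root, name))
            if reasons:
                findings[name] = reasons
    return findings

def build_sample_dir():
    """Constructed sample uploads: one real GIF header, two suspicious files."""
    directory = tempfile.mkdtemp()
    samples = {
        "central.gif1198108603": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
        "icon.jpg": b"/* constructed marker */ <?php echo 'x'; ?>",
        "polyglot.gif": b"GIF89a<?php echo 'x'; ?>",
    }
    for name, body in samples.items():
        with open(os.path.join(directory, name), "wb") as fh:
            fh.write(body)
    return directory
```

A hit from this scan only says that a file is not a plain image; whether it can run depends on how the web server maps files in the upload directory to the PHP handler.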