Websites primarily consist of 2 main things: web files (php, asp, html) and databases (MySQL, PostgreSQL, Oracle). This kind of attack involved the first of the 2. It was a code injection into a site file.
Every file can be “hashed”; this means that through mathematical calculations you can turn the bytes of data in a file into a kind of unique identifier for that file. This means that if anyone so much as added the letter “t” to a page, it would change the hash completely. It wouldn’t be hard to generate hashes for all of your clean off-site files, then upload those to the server and run a periodic hourly check on all files to make sure the hash hasn’t changed for any files. If the hash did change, then you’d know the website was compromised.
Just a thought about the next time you develop a web application with payment systems. Security should always come first.
– Captain Hindsight Away