Someone has gained entry to my full account. Over the past couple of weeks they’ve added eval(base64 code and kesyenmeyer scripts. I rid my sites of any CGI scripts, updated all my CMS, changed all my login details and am now using SFTP, but someone is still gaining access.
Here’s where it gets weird. A few days ago I found a folder named “s”. The folder held eight other folders with numerous files named sess_xxxxxxxx (x = numerals). Also in the folder were eight .dat files: 1.dat, 2.dat, and so on.
While cleaning out the files and directories I accidentally clicked on one of the files, which connected to and opened me into the root directory of another Linux computer. I looked around in there for a while trying to find out where I was. At first I thought I was in the root directory of a DH server. But it appeared to be just another user's Linux machine and not a server. I took a print screen of the contents of the root directory, then closed my CuteFTP client.
Any feedback much appreciated.
One last question, how do I change the login details for the control panel? It’s the only password I’ve not yet changed.