First thing I did haha
[quote=“richschmidt, post:5, topic:57202”]I don’t know what code was sticking that stupid rr.nu crap in there. I couldn’t find it.)
So I just moved all the files on the server into a temp folder (much faster than deleting them with my ftp program) and uploaded a freshly downloaded version of Concrete5 4.2.2. I had to create a new database to install it into, then switch it back to the old database once it was installed. Oh, and I had to re-upload the theme I’d been using. Voila. Problem solved.[/quote]
Did you remove anything that might have been an entrypoint for the exploitation, or have you just reset everything back to the way it was before and are hoping that the bot will forget about the site?