I have inherited an account that appears to have been compromised by someone who is posting viagra/cialis spam in several subdirectories of several sites on the account. I changed the account passwords and deleted the subdirectories with the rogue content, but when I came back a couple of hours later, the subdirectories were back and now I can’t delete them (I get an error that says I don’t have enough privileges–even after chown’ing everything to 777).
I am new enough to this to be totally bewildered. Does anyone have any suggestions?
How can I delete the offending content?
Is it likely that there is a script/process running that is watching for the directories to be deleted and then putting them back? How could I search for such a script or process and get rid of it?
Any help you can give would be most appreciated.