As sad as this is to admit, it appears there is a folder or 5 on my site that have been sending out some kind of pharmaceutical spam. I guess this is just a lesson that when working with plugins that I’m not too sure about, I need to be extra careful.
The files in question have also written special permissions to themselves making it difficult to just erase them. I’ve contacted my hosting provider and hopefully I will have things sorted out soon.
Some of the names of the noxious files in question include:
- bucaon.php
- bucion.php
- caon.php
- chca.php
- chcion.php
- chva.php
- chva2.php
- hoon.php
- leon.php
- orfi.php
- puph.php
- adon.php
- bual.php
- bualon.php
- buph.php
- orphon.php
- orsoon.php
- orxa.php
- soon.php
- ulon.php
- weon.php
- buamon.php
- bufi.php
- buhy.php
- chfi.php
- chhy.php
- chso.php
- orci.php
- orhy.php
- puxa.php
- tron.php
- buhyon.php
- buleon.php
- butr.php
- chal.php
- chle.php
- orcaon.php
- orcion.php
- orva.php
- orvi.php
- pron.php
The interesting thing I found when searching for information about my situation, there appears to be a lot of other sites that also have these malicious php files on their servers and I assume they have no idea about it either—including, and this surprised me the most, many Universities’ sites.
If anyone has any more light they can shed on this, please let me know.
Update: At my request, my hosting provider has blown away the affected directories.