Hi All, I inherited a hacked shop. Version 1.8.. Cleaned, reinstalled, all security patches applied. Actually running 126.96.36.199 I thought I had finished the process but tracing a denied file access I found the following:
from media/ find . -type f -name *.php
from root/folder => grep -rl . -e "<?php "
My question is whether there is any known information about such files?
Should these files put me on the track of similar others one?
I wonder if denying access to php and js files from media folder is a good way to go.