Best thing to do is just check through FTP in each sub folder and look at the /index.php files last modified dates, you can also look at the file contents normally this type of attack loops through all your folders in FTP and downloads each index.php or index.htm file adds code to the bottom of the file and re uploads.
Sounds like you are on the right track of fixing this out.
Aaron
-
- 14 Posts
Hi Aaron
I have checked those two files:
manager/index.php
This one has not been changed for months
manager/includes/index.php
This one is not there. I can only see:
manager/includes/index.html
and that one has also not been changed for months.