i was looking over the plugins page of one of the blogs i manage and the plugins program is telling me that it had disabled a plugin — reporting a file with an unfamiliar name and a series of ‘../’ before it. hmmm… alarm bells rang in my head.
a little looking and i find the file under the tmp subdirectory on my server. i tried deleting the file and the server kept giving me that ‘permission denied’ message. more alarm bells. i downloaded the file and changed the permissions to non-executable and accessible only by owner and group — no public access and no one has write access.
taking a look at the file, i found that it’s a php file and the rest are hexadecimal values, which leads me to conclude that it’s a malicious file and that it’s hiding its digital purpose — nothing good by the looks of it. i, myself, do not have the time right now to decode it so if someone out there is willing, i can send you the file. just leave a comment and i’ll send the file to you.