pack of crapfiles from compromised site

[bad_brain]

now that was the most pwnd site I have seen yet...
website of a client, I did the initial site but then they had the great idea to hire a cheapo SEO company for a make-over, after a quick convo I knew they have zero technical knowledge....so it was just question of time until it gets funny.

anyway, when logging in I was instantly alarmed by the server load of 2, which is not much but still much more than usual. processes showed lots of processed by the user/owner of the site and a quick log check did the rest.

most funny is a whole new directory in the site root containing 2023 .php crapfiles...

if you want to have a look: https://file.io/MyPtJBDN" onclick="window.open(this.href);return false;

[bad_brain]

the first files seem to be mostly spam/phishing pages, attached the shell stuff I found by a quick look.

[ayu]

Funny how I'm reading this now. This exact thing happened to me yesterday xD.
Client called in panic and said their WP site had been hacked. Spend all day yesterday cleaning it all up xD

[computathug]

now that was the most pwnd site I have seen yet...
website of a client, I did the initial site but then they had the great idea to hire a cheapo SEO company for a make-over, after a quick convo I knew they have zero technical knowledge....so it was just question of time until it gets funny.

Phewww, glad i'm not cheap

[bad_brain]

Phewww, glad i'm not cheap

also we have the technical skills to blame the clients when one of our sites gets hacked....which is usually even true...