For a website that is not updated frequently, I continue to use... AM 1.2. And it works flawlessly, there are only a few hundreds of articles, a few more every year - so I do not see any need to change.

But anyway, the purpose of this post is not to advertise past versions of AM! I have come across something suspicious, and before attempting to delete the items, I would like to have expert opinion.

I do publish all the articles in one folder, called /p. Yesterday, as I was testing a cloud backup service for that website and other ones (myRepono.com, a quite interesting tool at affordable price), I noticed that it could not backup two files that are found in that folder. The names of those files are:
include.php
report.php
There is also a third file called: index.php
I attach a screen capture showing how they look in cPanel.

It is impossible to open include.php and report.php, impossible also to download them in order to analyze their content locally. And the backup system cannopt back them up.

The website was hacked a year ago (not first time), and I suspect those are legacy files from that hacking. This suspicion is reinforced by the content of index.php, the only one I am able to open. It reads:
"<!-- Placeholder file for previously hacked file that contained string HackeD By [hacker's name] -->
Lines of code follow.

Before attempting to remove those three files, or asking the webhost to remove them if it is impossible for me to erase them, I just want to be sure: there is no way AM 1.2 could produce in the publish folder such php files, correct?

Thank you for confirming that! The files must have been there for quite a long time, and I prefer to ask before erasing them.

Re: [tribulatio] AM 1 advice about suspicious files in the publish folder

No comment... OK, I will go ahead and ask the hosting service to delete them, hoping it will be the right decision.

Re: [tribulatio] AM 1 advice about suspicious files in the publish folder

By Dave - January 13, 2012

Hi tribulatio,

If you change the permissions (chmod) on the files you should be able to download them. And if you email them to me at dave@interactivetools.com or attach them to this thread I can take a look. But you're probably safe deleting them.

Hope that helps!
Dave Edis - Senior Developer
interactivetools.com