0

I was sending some files through FileZilla to my site when I noticed this strangely named file:

\002\217a\333\\rb\004ݠ\025H\214d\277\\Z\304H\3328\f#\3641\ \tFA\001\\Z\272r\ \021\340\@\263\>\210\234\301\376\@\312!\373爬F\323\a\3729hN~\005\036î\002]\316H\263\335ˊ\354\237#v\335_\313\|\264\266#+\205\266\320\375\\n<\>m\a\>\353\017\263g3*

It is owned by root and has all permissions (-rwsrwsrwt). I am a little bit worried. Does anybody know what it can be?

carla

1 Answer

2

This is an encoded script which has been injected into the file system through a security hole somewhere on the server - this could be a security hole within a website app you (or someone else on that server) is using, old credentials left lying around that may have been brute-forced or hijacked, etc.

These types of attacks are most common on shared hosting servers where open source scripts such as WordPress, Joomla, etc. are installed. Make sure that any applications you are using on your website are up-to-date and any installed plugins are using the latest version.

If you are on a shared hosting server, I would recommend contacting your hosting provider's support team so that they can assist in finding the cause of the risk, and a resolution.

There are also companies online that specifically deal with these kinds of issues, such as Sucuri (sucuri.net).

brendonofficial
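A triage sketch for the symptom described in the question, added here as an example and not part of the original question or answer: it walks a directory tree and lists regular files that are setuid/setgid, world-writable, or have names that are not printable text, which are the traits of the -rwsrwsrwt file above. The function names and the default path are assumptions.

```python
import os
import stat
import sys


def is_odd_name(name: bytes) -> bool:
    """True if the raw filename is not valid, printable UTF-8 text."""
    try:
        return not name.decode("utf-8").isprintable()
    except UnicodeDecodeError:
        return True


def triage(root):
    """Return (path, mode string, owner uid, reasons) for each suspicious file."""
    findings = []
    # Walk with bytes paths so undecodable filenames are not skipped or mangled.
    for dirpath, _dirs, files in os.walk(os.fsencode(root)):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or is unreadable
            if not stat.S_ISREG(st.st_mode):
                continue
            reasons = []
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                reasons.append("setuid/setgid")
            if st.st_mode & stat.S_IWOTH:
                reasons.append("world-writable")
            if is_odd_name(name):
                reasons.append("non-printable name")
            if reasons:
                findings.append((path, stat.filemode(st.st_mode), st.st_uid, reasons))
    return findings


if __name__ == "__main__":
    # Assumed usage: pass the web root as the first argument.
    for path, mode, uid, reasons in triage(sys.argv[1] if len(sys.argv) > 1 else "."):
        # repr() keeps control bytes in the name from reaching the terminal.
        print(mode, "uid=%d" % uid, repr(path), ", ".join(reasons))
```

A uid of 0 in the output means the file is owned by root, as in the question; paths are printed escaped so the listing can be passed on to the hosting provider as is.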