Anyone have experience and advice to locate the source and stop an ftp hack on my client's Wordpress site hosted on BlueHost? The hackers were able to do the following:
- Create multiple ftp accounts with usernames like
ss-ee4f8275917dfe28
etc. pointing to folders/tmp/simplescripts/
and/public_html/
- Upload php files with names like
MMprobe-N5ayJ.php
into thepublic_html
folder