Weird and Dangerous : ro8kfbsmag.txt

Well, I don’t know where to post this question.

LAST WEEK, I had a big problem on my wordpress installation. All the plugins was disable and all the “attachement” posts status had changed to “post”… As a result, I saw no uploads file via the admin browser.

After a short investigation, I saw that the last post in the database had only “ro8kfbsmagtxt” for content…

I was able to repair the site by using a backup on my server.

YESTERDAY, I was browsing via SSH on my server and I found in the TMP folder a file called “ro8kfbsmag.txt”… Hum hum. I downloaded it, and it’s a PHP script, with a form, and with the title :”Magic Include Shell by Mag icq 884888”

Well, I don’t like it… ??

Here is the content of the file… If any WP guru could take care of it, It sounds dangerous to me…

S.

———- ro8kfbsmag.txt —————

<?php
/*Magic Include Shell by Mag icq 884888*/
//TODO: ??èòü ?àé?? íà ?a?é ?ò? (!), eàá?òà ? ?èeàìè (.), e?í?éì ?àé??a (?), ?ò?eàaêà ???ò, ??ò, êóê?a ÷?e?? ??ê?ò? (!!!)
$ver='1.6';
if(isset($_GET[pizdecnax]))
{
...

Large PHP code removed by moderator. You can find this file via google, if you want.