Knitter wrote:Thanks, Meep.
I looked again today, and now there was som new files: .bash_logout, .bash_profile, .bashre, .wsre. They seems to be related to some linux-code.
On the other hand I could now delete the empty folder faczw, that I could not yesterday, when I could only delete the contents.
I have changed my password, but it has not yet taken effect, and I was not allowed to use anything but letters and numbers.
I have also notified my webhost and await an answer.
Those dot bash files were created when someone accessed the server using SSH. If they were not there before, that means SSH was never
used previously to access the server with a userid that has a starting directory at the location you found those files. This could have been
your hosting provider checking things out or it could have been the person who put those other folders in your sites directory. You just may
not have noticed these files before and they were there all along. Check the date and time for those files to see when they were created in
comparison to those other folders. You might want to ask your hosting provider if they SSH'ed into your website at that time too. If you or
your hosting provider has not used SSH, then the userid and password for ssh access needs to be changed immediately, otherwise you will
be continually removing unwanted files and folders. I say both the userid and password because by only changing the password, the hacker
still has half of the login and may regain access in a short period of time.