I’ve just found the my website has been hacked.
I’ve found a new directory “guiex” (but the name can change) containing two files: “m” a text file just listing “index.php” and a php file named “mnq.php” (the code of this file is at the end of this post).

Now we have two questions to answer:
1) How the hell these files have arrived here?
2) What the f**k are these files doing here?
Continue reading →