Strange files in webroot
Posted on 2014-12-02
My website is hosted on GoDaddy. Some time ago they turned off server logs and said everyone should use Google Analytics. Just recently I noticed the logs are back. So I downloaded all that were there and ran them through a log analyzer. I noticed a file in the root were being looked at that I did not put there. On Nov. 18 there was 2 HEAD commands for the file zip.asp. The IP points to Europe. Then starting on the 19th there were multiple GETs from all sorts of IP addresses. Any idea how the file got there?
I also saw references to scripts/umRusy7isT.asp. It had 1 line of code that was a response.write
I have deleted both files and the script folder as it was now empty.
Should I be concerned?