Anyone seen this weird directory after a hack?

Last night my sites were hacked. Looks like a bunch of .php files were all modified within WordPress directories.

It also affected my folder where DLG (Sam Stephens download guard software) resides. That was the major problem because now I have to manually add customers who couldn't get their product.

Bluehost fixed it for me by restoring files in my public_html. I opted to leave the databases unchanged because as far as I can tell they were not compromised. But if they were I can go back and restore them too.

Anyway, I was looking through my files via FTP and I noticed a weird folder in my public_html called "scopbin".

It seems to be related to some way to execute encrypted PHP code. There is a single php file inside the directory with a bunch of stuff I don't understand.

Anyone ever seen this? I have done a bunch of Googling and can't tell if this is part of the attack or not. I've renamed the file to .xphp in the meantime so that it won't function, but I'm curious what this sucker is.

While we're on the subject, I'm at the point where I think I need better backup and protection versus what Bluehost offers.

What do YOU recommend as an ultimate solution to automate backups of all your sites?



I am not a developer and I have no need for such a directory.
  • rosetrees
    Originally Posted by Chris Thompson

    While we're on the subject, I'm at the point where I think I need better backup and protection versus what Bluehost offers.
    This probably isn't the answer you want - I use a UK webhost who offers weekly or daily offsite backups. If anything happens to a site or to one of their servers, they can restore instantly from their off site backups. www.betterwebspace.com
  • sbucciarel
    Banned
  • Chris Thompson
    Hi sbucciarel,

    Yeah, I found the same thing too. And Sourcecop looks like something that developers use to obfuscate their code. Since I'm not a dev, I should need it right? So I assume someone had to put it there perhaps to obfuscate their own hacks on my site?
    • sbucciarel
      Banned
      Originally Posted by Chris Thompson

      Hi sbucciarel,

      Yeah, I found the same thing too. And Sourcecop looks like something that developers use to obfuscate their code. Since I'm not a dev, I should need it right? So I assume someone had to put it there perhaps to obfuscate their own hacks on my site?
      Yep ... I would remove it entirely if you didn't install it.
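One way to triage a restored web root like the one described in this thread, as an added example that is not part of the original posts: it lists top-level directories outside an expected set, PHP files modified since a chosen time, and PHP files containing common encoding markers. The function names, the expected-directory list and the sample tree (including `loader.xphp`) are assumptions constructed for illustration.

```python
import os
import re
import tempfile
import time

# Heuristic markers of packed/encoded PHP; legitimate plugins use them too,
# so a hit means "review this file", not "this file is malicious".
OBFUSCATION = re.compile(rb"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(")

def triage(webroot, since, expected_dirs):
    """Return unexpected top-level dirs, PHP files changed since `since`
    (epoch seconds), and PHP files containing obfuscation markers."""
    report = {"unexpected_dirs": [], "modified_php": [], "obfuscated_php": []}
    for entry in os.listdir(webroot):
        if os.path.isdir(os.path.join(webroot, entry)) and entry not in expected_dirs:
            report["unexpected_dirs"].append(entry)
    for folder, _dirs, files in os.walk(webroot):
        for name in files:
            # .xphp is included because the thread's file was renamed to it.
            if not name.lower().endswith((".php", ".xphp")):
                continue
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, webroot).replace(os.sep, "/")
            if os.path.getmtime(path) >= since:
                report["modified_php"].append(rel)
            with open(path, "rb") as fh:
                if OBFUSCATION.search(fh.read()):
                    report["obfuscated_php"].append(rel)
    return {key: sorted(values) for key, values in report.items()}

def build_sample_webroot(root, incident_time):
    """Constructed sample tree: one old clean file, two files touched later."""
    samples = {
        "wp-content/index.php": (b"<?php // Silence is golden.\n", incident_time - 86400),
        "wp-includes/load.php": (b"<?php echo 'changed';\n", incident_time + 60),
        "scopbin/loader.xphp": (b"<?php eval(base64_decode($x));\n", incident_time + 90),
    }
    for rel, (body, mtime) in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    incident = time.time() - 3600  # constructed incident time: one hour ago
    with tempfile.TemporaryDirectory() as root:
        build_sample_webroot(root, incident)
        print(triage(root, incident, {"wp-content", "wp-includes", "wp-admin"}))
```

Against a real account, point `triage` at a downloaded copy of `public_html` and set `since` to just before the first suspicious modification time; a host restore can reset timestamps, so the modified-file list is most useful on the pre-restore copy.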
