rmu

I had the same issue. The injection also changed my DB structure for the append column in the ox_zones table. No other files were modified, but I do believe the code put in the file, did the other modification to put in the code that was added to the append column I did also have another issue where an intruder logged into our system, the log said as me, and added code the mobile redirection directly to the ad creative. I added a different admin user, and removed my old one... I also reinstalled revive-adserver. I haven't seen any traffic since then of people poking around my admin area. Just tonight someone tried to do the fc.php injection. I already have php execution disabled in my images folder. The difference now is the permissions on the plugins folder. They are unable to write to that file now.