I think the gallery site was hacked, now when any member tries to see their profile, or retrieve their password, or even if a visitor who is not a member clicks to retrieve their password, they get taken to the member.php page, but a different screen loads with "TRFV Remote Shell1.0.4 beta build 1 on Linux" as the header. People can see session variables, create sessions, view files in the folders on the server, even delete files etc.
I have downloaded 1.7.4, and overwritten the remote files with all the files that were changed according to the changed log, but the problem is still there. I have also uploaded a new member.php file, globals.php and others, but I cant seem to get rid of it.
Please help. I dont want to paste the url here, as then everyone will know where they can go and break the site!
Any suggestions??
Thank you for your help
Francois