.php.bogus file extensions

In WP version 2.6, the two themes distributed with the WordPress package were named “classic” and “default”. So at this path in an installation of 2.6 – /wordpress/wp-content/themes – you would probably find:

/default
/classic

The custom theme was most likely someone’s effort at making a unique theme for their site. One could only guess the origin of the “.php.bogus” files, but in doing so, it might be something as simple as someone renaming some original theme files with a “.bogus” extension – much as you might use the “.bak” extension – while using copies of the originals to modify.

Another explanation could be that the site has fallen victim to one of the known vulnerabilities present in that version of WordPress (or issues with the hosting account itself), and has been compromised.

Of course, everything I suggested is pure guesswork on my part without first hand knowledge of the site.

Thanks for your input Clayton.

Yea the reason I ask is that we have some code injection on all of our sites (.php) on that server, and we are currently trying to narrow down where it came from. Today has been the best day so far (in 3 weeks). We were removing the code injection but within a few hours it came right back, I have updated a few wordpress sites today, added Better WP Security and still clean so far.

I think I’ll delete those .php.bogus files and hope for the best over the weekend.