This may be of help if you have a similar problem.
 
Ive recently had two sites go down on my remote host because the files had been hacked. This resulted in the server issuing a timeout - 504 - error as a php script hadn't ended.
 
In an effort to find the problem I compared datestamps on the files and permissions. All seemed normal.
 
I then realised that Filezilla (and some other ftp programs) had a "View > Directory Comparison" feature.
 
By comparing my local mirror site with my remote public site I was able to find the corrupted files because some were larger than they should be and I also spotted added files on another site.
 
As an added precaution I've disabled ftp access to my sites to be restored and removed when I'm working on them.

My ISP told me that I had been hacked - Viart looked at my files and said not.
 
I have changed my ftp access and hope I am OK - I hope!!

Its worth, Chris, doing the directory comparison as it may well be that the php have been appended to. Your ISP will be looking at traffic logs to monitor unusual behaviour.
HTH

As I had my upgrade done for me by Viart I never had the original files locally.
 
I have just downloaded those I needed to work on.
 
Chris

can you give me the good command C_EXTRA_FLAGS … i can copy past on my terminal,