I had a chance to work with one of websites which was affected by hackers attack. Files structure was looking like hell and needed to be clear.
Let me show you one of directories added after this attack:
After running command which counts files in this directorie:
find ./wp-content/uploads/et_temp | grep -e '\.html$' | wc -l
I’ve seen number files: 7497
Each of this file was accessible from browser so after running ie:
…page was opening (full style page).
Have you had this kind of issues? Check your WP instance with health-check tools.