the site has been working well for years in the current way
the site hasn't reached it's quotum o the server either (have seen that corrupting textfiles)
I use the cookie mod, and have been looking but couldn't find anything
so i went to look what's causing it, and files from the auth/ folder just disappear, without an action from that user
so i changed auth to auth-new and that didn't change anything (to see it was a malicious script on the server, could still be so, for example if they read the cfg file, but still)
so i logged in, saw the user file in the auth folder and quickly switched the webserver off. I kept refreshing the folder (ssh) but after 20 seconds, the file disappeared again.
the server that the website runs on, has been ddos attacked lately, and sometimes still is but the server is now protected better.
could this been done by some kind of attack?
I'm really clueless now as to what is causing this.
Any ideas would be really appreciated.