I have a site with 50ish uploaded jpegs. My theme uses an image resizing script that uses the native WordPress resizing function to create thumbnails from those uploads (not tim thumb).
I have file monitoring setup to notify me of changes in files on my site. One thumbnail jpeg in particular keeps showing up as modified. It doesn't appear different to me visually, but I am curious what could be causing it to be modified over and over.
I recently discovered my site had been hacked and I need to establish what has been involved in the hack so I can restore to a clean backup. I am trying to determine if this jpeg would be involved. (I checked the image resizing script against what is in the original theme and it appears unchanged.) I would love to hear if there are any suggestions or legitimate explanations for the thumbnail activity I have described or if this sounds like signs of a hack.
From what I have read online it sounds like php script injection might be possible with image files, but I don't understand how that would be done or how to check if that is what has happened. Would something like that cause a thumbnail to be modified regularly? Thank you in advance.