CPanel PHP Website - cleanup hijack scenario

Someone had changed my .htaccess, and I have removed that. But I still have phantom pages like this: http://www.biztalk-training.com/?puqr=usoe

I don't have any 404.php, 404.shtml, or 404.html pages. I checked CPanel for redirects on 404, and it looked empty (but would have created a 404.shtml if I filled it in).

If I type in something like this in the browser, I get a 404; http://biztalk-training.co开发者_如何学Cm/anything.html

I'm looking for what to kill, remove or fix to get red of the phantom page. I'm a developer (other platforms) with moderate familiarity with PHP and CPanel sites. I'm used to seeing domainname.com/progname.php?parm=test and I know how that works. But I don't know how the ?puqr=usoe is producing content on my site. They have other pages similar discovered by doing a site: search on google.

Thanks,

Neal Walters

Have you checked your index page? Under normal circumstances, http://www.example.com/?foo=bar will pass the query string (?foo=bar) to the index of example.com and will not produce a 404.

If these malcontents got write access to your server - and it sounds like they did - they could have easily modified your index page.