I noticed this bizarre file, php.ini.NEWCONFIGPOSSIBLYBROKEN, appeared in my website’s root directory on June 27, 2010. My first thought? Oh no, I’ve been hacked! Fortunately, that was not the case. A technician from my host, Bluehost, responded within minutes to my support ticket with the following:

“That one can be deleted, there was a change to the php version so the admins removed/renamed the old ini files and set up new ones on accounts that had them enabled.”

It seems pretty sloppy to me that they left it there, but at least it wasn’t a hacking issue. Thanks to Bluehost for responding so quickly.