Drupal 7.x

Hello,

A few weeks ago I had to delete strange folders and files with strange names that created themselves in my drupal folders on my hosting.
However, today when I go to check the reports, there are always anonymous users who try to access these folders. Example of folders and files :
viawwi/uhiigr.php
notzzkw/tonure.php
nowir/list.txt
rigoue/coeibut.php

How can I clean and secure that ?

Thanks a lot for your help

A recent PCI scan of our site flagged a cross scripting vulnerability described in CVE-2012-6708. The text of the cve is: "jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload.

I have a Drupal 7 website that contains a lot of users that are grouped up using workbench access. Is there anyway to configure users in these workgroups to receive emails when content is over 3 months old using contributed modules?

The Full Calendar module shows the day headings in week view as Month/Day not Day/Month.   Please see below:

Incorrect date labels and dpm output

I used dpm(get_defined_vars());  to try and identify which aray element I need to alter with a hook. Please can someone help on the following points:

Does anybody know how I can clean up all the server information that is showing once a user clicks on "Forgot my password"?

Here is an example of the text:

I want my users to enter a Username and email when they create an account (per Drupal default). This way they can use their Username in comments and node creation. BUT, I want "Request new password" to require email only. This way the public can't randomly enter someone elses Username (which are publicly available), to generate reset emails to unexpecting Users.

Note:

My Users CANNOT have permissions to change their Username. This eliminates project/email_registration. LoginToboggan doesn't provide this method either.