Hello, a Typolight installation has been hacked and malicious code is being added to the .htaccess file.
(It's TL 2.8. –*I know it's old, but there is no budget to update it right this moment).

These are entries from the logo which seem to be the hacking activity:
Code:
95.163.67.198 - - [15/May/2012:12:28:22 +0100] "POST /cron.php?w2698t=1 HTTP/1.1" 200 144 "-" "Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0"
95.163.67.198 - - [15/May/2012:12:28:23 +0100] "POST /cron.php?w2698t=1 HTTP/1.1" 200 360 "-" "Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0"
The are to the cron.php file which also had some code added to it. Here now my question:

Would I be able to remove the cron.php file? I'm not really sure what it does and whether this would break the site. I'd be grateful for a bit of your insight. Many thanks