Thanks for your suggestions.
I have actually cleaned all files with ‘eval’ inside and stringently gone through all my files looking and deleting anything suspicious, particularly in the root.
I’ve not found anything, so the hacker has hidden any other rewriting / backdoor code well.
I’m assuming there is a backdoor or an engine that keeps rewriting these index.php files every few hours. Because when amending they always return back with that evil “eval” code.
I used this site to decode the script: https://www.toastedspam.com/decode64
Quite handy that, and worth keeping close by in case anyone else experiences anything similar to me.
A lot of people who had the same issues, refer to this page too as being a great help:
https://blog.unmaskparasites.com/2011/03/02/versatile-cc-attacks/
However, it says to find and remove all backdoor scripts which I’ve tried but can’t find ANYTHING. The search goes on…
Please someone help if you know how to solve this.
