I have a shared server with 10 websites, I clean each site with gotmls.net anti malware and wordfence scans. Within a day the malware is back. I have a bunch of ip’s Russia and Hungary trying all sorts of php files. Each time a delete .htaccess and fix every file I can find.
the index, wp-config and wp-settings always get changed to 755 and get something like this: (the file name and folder are randomized)
/*de9e6*/
@include (“/home2/xxxxx/xxxxx.com/wp-includes/js/plupload/.69ed8b01.mo”);
/*de9e6*/
No matter what I use or how many times I clean the website it comes back within 24 hours.
Server: Hostgator
Any help would be appreciated.