Okay, so the site I manage for a client was infected with malware the other day, and again yesterday only about 10 hours after being cleaned up (the site is exported from a CMS running elsewhere, so re-uploading wasn't a problem).
The site runs no third-party software or any CMS at all. The only dynamic content is proprietary and quite minimal. There are no execution calls or anything simple like that that could be exploited. (This is obviously an automated attack anyway and it seems unlikely that would be exploiting proprietary web software even if it were blatantly insecure.)
I've cleaned the site up again, but I can't tell Google it's clean again until I figure out what the problem is.
The attack adds this sort of content to all PHP files (fairly typical stuff):
Obviously you could easily figure out what the decode is and such, but that's hardly relevant.Code:removed
What should I do about this, and is there any reason for me to believe that this is not due to compromised security on the server?
Thank's a lot!
author: internet việt nam
Have a nice day.