So I have a client's site that has been hacked in the index.php file. The hack contains variables like this:
I've done some ssh stuff and found some shell exploits that I removed. But, when I delete the code from the index.php and save it back to the server, and I refresh the ftp to see the file size, within a second, the file is right back to the hack being in there.
What am I missing? What would re/create the index.php file like this?
Any help is appreciated.