I search a tool to find inject malicious code in my PHP files. In each PHP file I had this inject:
eval(gzinflate(base64_decode('pRlrc9u48bM70/+AaBhTjGmJol5WbNpJE+fuZppLqjid6di...
Of course I use the shell to find and replace the inject. But each hour the inject is back. So some PHP file(s) are injected. I've more than 34 websites on this server - each website are injected.
My question now: Has somebody an idea to find the security hole? Maybe a online tool or a script which I can check all PHP files?
Thanks for your help.