A few days ago the webhosting agency locked down one of my websites, due to a security issue they came across during a scan.
I'm now analyzing and trying to repair the installation. So far each .php file I checked seems to be affected, also within all themes and plugins.
The injection appears to consist of several php statements at the very beginning of each file, some seemingly endless long variables, an explode statement and so forth. Further, the date of last change as shown in my FTP-Client is unchanged for each file.
I've searched the web and the forums for similar cases but didn't find anything.
Two other sites of mine were also down ("white screen of death") - however, they were hosted somewhere else and just restoring the backup of one week ago did the trick; I didn't check the filesystem of these websites, so I don't know if it was the same problem.
Now, for the website in question, the webhosting agency only keeps the last three daily backups and thus unfortunately I wasn't able to solve this with restoring a backup.
So I'm required to manually renew the whole installation, including the themes and plugins.
Has anyone also encountered this issue/attack? How did you handle it?
Thanks and cheers