This question applies to several sites on this server, all using Defender.
I have a malware (I believe) hack that is seen by Defender, but it can't seem to stop.
The primary issue is the index.php file. When Defender restores the original, the malware turns right around and immediately puts the hacked version back into place. Then it goes back to work adding and manipulating files.
I have tried manually replacing the file as well, same thing happens.
I can't pinpoint the source of the malware, so I can't stop this.
The host (InMotion) has been unhelpful They started a scan for malware two weeks ago, and it just keeps running or stops and they have to start it over again. So, no help.
I have never seen this before so I was wondering if you have any ideas on how I can pinpoint the cause so I can eliminate the cuplrit?