On a shared server we have a few oscommerce sites. One of them keeps on getting an infection which adds about 60 lines of script to the end of each php and html file... hundreds of them.
We have changed user names, admin name, passwords, cpanel passwords, ftp passwords etc, but every now and then it happens again with the same script.
We have cleaned all files and started again with everything working fine and no virus alerts from our very current Avast and Malwarebytes but it still happens.
As the script is quite old I am updating to a new current script which closes some of the vulnerabilities in the old script but I want to be sure I am not loading a new script onto a site which will infect again.
I plan on deleting the current files and folders so public_html is an empty shell except for cgi-bin and staring afresh. I have also deleted the root/temp files for awstats etc as they too were infecetd.
What else can I do to close whatever hole there is is here. I have other sites on this server that are accessed more times than this one and they are all clean, so it is not me and my boxes, plus I do a thorough clean quite often just in case. I have told the clients to clean there pc's and they say they have repeatedly, altho' I am not sure.
I have attached a text file in a zip file with the virus script which is inserted. Please be careful and do not open it unless you know what you are doing as I would hate it to go further.
I would appreciate any help thanks..