Hi,
I have recently taken across a client site that had malware. I found this to be coming from the index.php page. It seems to be creating HTML pages from the website URL and trying to sell Diet Pills.
I’ve tried scanning with Wordfence to find out where its coming from, but no joy.
Every time I change the Index.php back to the original it changes itself back normally by the next day.
This is the index.php file that it keeps changing. I’ve tried changing the permissions to 444.
[ Deleted ]