I have a problem with my site. It has been hacked several times now, and I always restored my last backup, which is supposed to be clean (at least all Tools like Sucuri and others tell so).
After a few days or weeks it is hacked again. Google Webmaster-Tools tell me, there is malware in the URL:
Malware-Code eingeschleust,http://www.unixhelpdesk.de/,24.01.14,"""
[Code moderated. Please do not post potential hack code blocks in the forums. Please use the pastebin]
O.K., I see this is an encrypted URL and always the date of infection is part of the URL (http://www.unixhelpdesk.de/,24.01.14). But I cannot get rid of it for a long time. The Site will be infected again, if I restore it from backup. Changed Password etc. And cannot find the reason...
Does anybody know exactly this problem and found a solution?