I have a reseller package with Bluehost for the past 11 years. They stopped selling reseller packages about a decade ago so I know the server I am on is from 2009. Very outdated. On Dec 9, several sites in my WHM got hacked. I’ve gone through a long checklist of all the things to do such as change passwords, 2FA, even changed computers.
This one site in particular I recently did the following:
1. Deleted all ftp accounts, MySQL databases, all files, deleted extra records they added to the domain, everything so basically starting from scratch cPanel and server.
2. Installed a fresh copy of WordPress and a maintenance mode plugin, Malcare, and Wordfence.
Sure enough, it took about 48 hours for it to be hacked again. The files they are adding are as follows:
robots.txt
simple.php
chosen.php
.htaccess (modified)
groupon.php
sample.php
.user.ini
index.php (modified)
network.php
They also got other accounts in my WHM. If I moved to an entirely new server would that get rid of it? I could really use some help or even a point in the right direction if you know the name of this hack. One person told me it might be the Japanese Keyword Hack.