/** Disable File Editing */
/** Disable file modification including install and update of themes and plugins */
/** Ask for FTP details when uploading and installing themes and plugins */
Now move wp-config.php file above public_html
█ YagHost - Pure SSD Hosting | Since 2007 | Average Response Time: 15 min
█ Web Hosting | Reseller Hosting | Managed VPS Hosting
█ 99.9% Server Uptime Guarantee | 24/7 Rapid Response Tech Support | 30 Day Money Back Guarantee
█ LopHost.com - Web Hosting Tutorials
Hello again, after nearly five months I come up with some information that how we dealed with this issue.
*First we determined the old Wordpress installations and warned the users one by one.
*Then we installed Configserver eXploit Scanner on all of our cPanel servers and scanned them. As we hoped CXS find all the malicious codes and cleaned them.
*On third step we signed up to Atomicorp to get up-to-date mod_sec rules and we integrated it with ConfigServer ModSec plugin on every cPanel server.
Now we are scanning every shared hosting account every night via ConfigServer CXS before the backup process. To sum up; these steps on above satisfied us and solved the problem. If you configure well your ConfigServer ModSec it catches nearly all harmful proccesses but I advice you to use CXS for deep investigation and detailed scans.
If you have any addition or idea to this approach please clarify.
Last edited by emresavas; 04-26-2014 at 05:13 PM.