If you are using FileZilla as your FTP client, there is malware out there that will grab your FTP credentials from the Filezilla PLAIN TEXT FILE (yikes! ) and use that information to insert that malware code (indicated by the #b58b6f# type of code around a “gzinflate(base64_decode)” command. That is how your files will get attacked/compromised.
Look in your %APPDATA%/Roaming/Filezilla folder. One of the XML files in there has all your FTP web site credential (user/password/etc) in PLAIN TEXT! And the FileZilla people refuse to fix that obvious security hole.
My recommendation is :
– Change your FTP Password to your hosting
– Delete FileZilla from your computer (and you have to manually delete the folder in your APPDATA folder).
– Use another FTP secured client
Example of hacking sequence that you must clean your code from :
is transcoded to this sequence :