malware virus keylogger trojan

Virus, trojan or something?


I write because I do not know what to do to fix the problem. In practice I have some websites and most of these have had problems with unidentified virus infection that led to the hacking of the sites. Hacking consisted of inserting .php files into some folders and editing files

which then had consequences on the SERP (persistent files with Chinese characters, etc.).

After several attempts and with the support of the hoster, I managed to clean up most of the sites, while with others I just cannot. After having been assured by the host that the remaining sites were clean, after a scan, we have come to the conclusion that the source of the changes to the aforementioned files could have started directly from my PC. So I thought of some keylogger hidden somewhere or something. So I installed and ran the scan with the following tools:

Each of these found something, which was promptly cleaned up, but this still did not solve the problem.

I also replaced the FTP password at least a couple of times, with no result. The modification of the two files reappeared promptly after a few hours.

This is the line that is inserted in the .htaccess:

    RewriteRule ^([0-9]+)\/(antibigotry)\/([0-9]+)_(.*).jsp$ ?antibigotry$3=$1&%{QUERY_STRING} [L]

I can't report the code injected into the index.php header because it's too long. I would need help or at least a track to work on.

Thank you


Solution

  • It can be difficult to find the cause if your server has been compromised, depending on the level of sophistication. You can use a service like Sucuri; they have a free scanner on their homepage with which you may find the root cause, and they will clean your site for you if you're willing to pay.


    You said your .htaccess file gets compromised.

    To protect your .htaccess file from getting hacked, add the following code to your root .htaccess file:

    # STRONG HTACCESS PROTECTION
    <Files ~ "^.*\.([Hh][Tt][Aa])">
     order allow,deny
     deny from all
     satisfy all
    </Files>
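
The following Python script is an added example, not code from the question or the answer. It flags RewriteRule lines shaped like the injected one quoted in the question (the substitution is a bare query string built from captured groups) and hashes every .htaccess and .php file, so a later run shows exactly which files were added or changed between scans. The function names and the sample .htaccess are constructed for illustration, and the rule heuristic is an assumption: review each hit by hand.

```python
import hashlib
import os
import re

# RewriteRule <pattern> <substitution> [flags]. A rule is flagged when its
# substitution is a bare query string ("?name$3=$1&...") built from captured
# groups, the shape of the injected rule in the question (assumed heuristic).
RULE_RE = re.compile(r'^\s*RewriteRule\s+(\S+)\s+(\S+)', re.IGNORECASE)

def find_suspicious_rules(htaccess_text):
    """Return (line_number, line) for RewriteRules that rewrite to '?...$N...'."""
    hits = []
    for number, line in enumerate(htaccess_text.splitlines(), start=1):
        match = RULE_RE.match(line)
        if match and match.group(2).startswith('?') and re.search(r'\$\d', match.group(2)):
            hits.append((number, line.strip()))
    return hits

def snapshot(webroot):
    """Map relative path -> SHA-256 for every .htaccess and .php file under webroot."""
    digests = {}
    for folder, _dirs, files in os.walk(webroot):
        for name in files:
            if name == '.htaccess' or name.lower().endswith('.php'):
                path = os.path.join(folder, name)
                with open(path, 'rb') as handle:
                    digests[os.path.relpath(path, webroot)] = hashlib.sha256(handle.read()).hexdigest()
    return digests

def compare(baseline, current):
    """Return (added, changed, removed) path lists between two snapshots."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return added, changed, removed

# Constructed sample: one ordinary rule plus the rule quoted in the question.
SAMPLE_HTACCESS = r"""RewriteEngine On
RewriteRule ^index\.php$ - [L]
RewriteRule ^([0-9]+)\/(antibigotry)\/([0-9]+)_(.*).jsp$ ?antibigotry$3=$1&%{QUERY_STRING} [L]
"""

if __name__ == '__main__':
    for number, line in find_suspicious_rules(SAMPLE_HTACCESS):
        print(f'line {number}: {line}')
```

Taking a snapshot right after a cleanup and comparing it on a schedule narrows down the time window of each re-infection, which can then be matched against the FTP and web server access logs.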