We have a shared hosting account that we use to host 12 joomla 2.5 websites. Someone has started to insert malicious code, which we first recognised in all of the index.php files. It looks like this: <?php eval(base64_decode('ZXJyb3J......elkzSnBjSFErJykpOw0KfQ==')); /** Google chrome detected malware coming from sites such as; itsaol.com, junglefire.com, etc. Replacing the index.php file with a new one solved the problem temporarily, but the code and malware alerts showed up within hours. I submitted a ticket to our hosting provider, and got a response, I will send it when we get in contact if it is of use. I changed the permissions on the directories to 'read only', which shut down the problems then, but all of our sites show '403' errors. We need someone to clean up the code and patch the vulnerabilities in these websites. For the most part they are basic joomla installs, with a lot of css editing mainly in the template.css files. Keywords: Template, PHP, Decoding, CSS, Editing, Google, Chrome