Thanks all for your help. I found the security vulnerability and fixed it, and I am going to share how I did that.
First I used shell access to find a ( base64_decode ):
grep -r base64_decode *
in my root folder for each website,
and I checked the results, so good.
I found that there is some strange code with base64_decode
at ( root/templates/ekebic/index.php ), which is an Elxis template, and it is not the default one, not even in use.
This is the code I found:
<? eval(gzinflate(str_rot13(base64_decode('FJzHjq1Ksn897/TUJBQERVO......etc......57FJQ8=')))); ?>
I went to decode it and bingo, this is how the hacker can do everything that was done.
This is the decoding result ( find it in a txt file in the attachments ).
I cleared that code and restored the original index.php code of that template.
Can someone make it more clear for me what this code could do, because I am afraid I understand it wrong :S
And I started reading more about how hackers can hack a website.
But what is strange is that I need to know, from the very start, how could he put that code in my files?
Could he inject it through a site where I let users make posts and articles? Or through what can a hacker inject code into a website?
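
Added example, not part of the original post: a Python sketch that finds the eval(gzinflate(str_rot13(base64_decode(...)))) wrapper quoted above in .php files and decodes it as data, without ever running the PHP. It goes beyond the single file in the post by peeling nested layers; the function names, the size cap and the sample built by make_sample are assumptions made for illustration.

```python
import base64, re, string, sys, zlib
from pathlib import Path

# Wrapper quoted in the post: eval(gzinflate(str_rot13(base64_decode('...'))))
CHAIN = re.compile(
    r"eval\s*\(\s*gzinflate\s*\(\s*str_rot13\s*\(\s*base64_decode\s*\(\s*"
    r"(['\"])([A-Za-z0-9+/=\s]+)\1", re.I)
_LO, _UP = string.ascii_lowercase, string.ascii_uppercase
ROT13 = bytes.maketrans((_LO + _UP).encode(),
                        (_LO[13:] + _LO[:13] + _UP[13:] + _UP[:13]).encode())
MAX_OUT = 5 * 1024 * 1024  # assumed cap so a hostile blob cannot exhaust memory

def decode_blob(b64_text):
    """Undo base64_decode -> str_rot13 -> gzinflate as data; nothing is executed."""
    raw = base64.b64decode(b64_text)
    rotated = raw.translate(ROT13)  # str_rot13 only changes ASCII letters
    return zlib.decompressobj(-15).decompress(rotated, MAX_OUT)  # -15 = raw DEFLATE

def unwrap(php_source, max_layers=20):
    """Peel nested wrappers; return (layers_removed, final_text)."""
    text, layers = php_source, 0
    while layers < max_layers:
        m = CHAIN.search(text)
        if not m:
            break
        try:
            text = decode_blob(m.group(2)).decode("latin-1")
        except (ValueError, zlib.error):  # damaged or truncated blob: stop here
            break
        layers += 1
    return layers, text

def scan(root):
    """Yield (path, layers, decoded_text) for each .php file holding the wrapper."""
    for path in Path(root).rglob("*.php"):
        layers, text = unwrap(path.read_text(encoding="latin-1"))
        if layers:
            yield path, layers, text

def make_sample(payload, layers=1):
    """Build a CONSTRUCTED, harmless fixture in the same wrapper format (tests only)."""
    for _ in range(layers):
        c = zlib.compressobj(9, zlib.DEFLATED, -15)
        blob = base64.b64encode((c.compress(payload.encode()) + c.flush()).translate(ROT13))
        payload = "eval(gzinflate(str_rot13(base64_decode('%s'))));" % blob.decode()
    return "<? " + payload + " ?>"

if __name__ == "__main__":
    for path, layers, text in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {layers} layer(s) removed\n{text[:2000]}\n")
```

Run it with the web root as the only argument; it lists each file that contains the wrapper and prints the first 2000 characters of the decoded text for review.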