I've been trying to fix a .htaccess malware attack for about a month now with no luck. I have around 8 sites on the server and they're all being injected with bad .htaccess files every hour or so. I tried updating all my wordpresses, as well as deleting unused plugins. I tried doing a clean up search of my server to remove any suspicious php files. It seems as though the hacker doesn't have a file on my server but has access to it through a back door or something.
I need someone to fix it fast and thoroughly.