I have a malware infection on my server that I need assistance finding the source of, stopping, and blocking future damage. It is some sort of script that is inserting PHP: eval(gzinflate(base64_decode(...))) into my XenForo scripts as well as scripts for my other domains on the server. The server runs OS X, and anyone familiar with Linux, PHP-fpm, & Nginx would be of great assistance. I found a php file posing as a gif file within /private/var/tmp and have removed it, but the files keep getting the malicious PHP: eval(gzinflate(base64_decode(...))) code added to them. Please message me with your experience and rates.