You need to do the following:
1. scan your website for malicious code and hacker shells
2. remove them
3. protect the website from being hacked again
For website scanning you can use many different tools: ShellFinder (https://github.com/znb/Scripts/blob/master/shellfinder.py), ClamAV (Clam AntiVirus) or AI-BOLIT (a malicious code detection tool that finds hacking and malicious scripts on websites such as WordPress, Joomla, etc.). The last one is pretty good at detecting hacker shells.
Once malicious code is detected, you have to remove it carefully.
Then protect the website from being hacked:
1. add extra authorization for the admin panel (e.g. allow access only from a particular IP)
2. make most files and folders "read-only"
3. make the upload, cache and temporary folders writable, but put an .htaccess file into them to deny access to .php files inside
4. disable the system functions of PHP:
popen,exec,system,passthru,proc_open,shell_exec,ini_restore,dl,symlink,chgrp,putenv,getmyuid,fsockopen,posix_setuid,posix_setsid,posix_setpgid,posix_kill,apache_child_terminate,chmod,chdir,pcntl_exec,phpinfo,virtual,proc_close,proc_get_status,proc_terminate,proc_nice,getmygid,proc_getstatus,proc_close,escapeshellcmd,show_source,pclose,safe_dir,dl,ini_restore,chown,chgrp,shown_source,mysql_list_dbs,get_current_user,getmyid,leak,pfsockopen,get_current_user, syslog
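
To check that items 2 and 3 are actually in place, here is an audit script added as an example (not part of the original answer). The folder names `upload`, `cache` and `tmp`, the PHP extension list and the `.htaccess` deny patterns are assumptions; adjust them to your site. Only top-level writable folders are considered.

```python
import os
import re

# Assumed names of the writable folders from item 3; adjust to the site layout.
WRITABLE_DIRS = ("upload", "cache", "tmp")
# Assumed set of extensions the server may execute as PHP.
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
# Heuristic: an Apache 2.4 "Require all denied" or 2.2 "Deny from all" rule.
DENY_RULE = re.compile(r"^\s*(Require\s+all\s+denied|Deny\s+from\s+all)", re.I | re.M)


def htaccess_blocks_php(folder):
    """True if folder/.htaccess mentions php and contains a deny rule."""
    path = os.path.join(folder, ".htaccess")
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        return False
    return "php" in text.lower() and bool(DENY_RULE.search(text))


def audit(webroot, writable_dirs=WRITABLE_DIRS):
    """Return sorted (issue, relative_path) findings for items 2 and 3."""
    findings = []
    for root, _dirs, files in os.walk(webroot):
        rel_root = os.path.relpath(root, webroot)
        parts = [] if rel_root == "." else rel_root.split(os.sep)
        in_writable = bool(parts) and parts[0] in writable_dirs
        # Item 3: each writable folder needs an .htaccess that denies .php.
        if len(parts) == 1 and in_writable and not htaccess_blocks_php(root):
            findings.append(("no-php-deny-htaccess", rel_root))
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, webroot)
            if in_writable:
                # A PHP file in an upload/cache/tmp folder deserves a manual look.
                if PHP_EXT.search(name):
                    findings.append(("php-in-writable-dir", rel))
            # Item 2: everything else should carry no write bit at all.
            elif os.lstat(full).st_mode & 0o222:
                findings.append(("not-read-only", rel))
    return sorted(findings)
```

Call `audit("/path/to/webroot")` and review each finding by hand; the `.htaccess` check is a text heuristic and does not prove that Apache honours the file (that depends on `AllowOverride`).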