rocknbil - 7:13 pm on Jan 25, 2011 (gmt 0)

If your site is static HTML - no CMS to modify it, no Cpanel, no tinyMCE or other large library Javascript, no other "way in" - it's entirely possible it was some other site on the server that got hacked and is affecting other sites on this server. Security breaches do occur at the server level and there's not a lot we can do about it.

Your FTP methods are a possible entry point, but with a strong password you change often, it's a lot less likely. The thing with regular FTP (not SFTP) is that with every file you transfer, the user name and password is transferred in clear text. If someone is sniffing the data in transit, it's a possibility.

Given the conditions you describe, I'd be more inclined to think it's some condition out of your control (strictly, 100%, unverified *conjecture.*) I'd close shop and move your site to a different hosting service. A new start always help give benchmarks against security issues.