I have a site that has been hacked a few times recently. In fact, one other site I had got hacked just as I was selling it - and that one was primarily HTML.
Anyway, I've no idea how they are doing it. The malicious script entry isn't showing up in the comments section, it's getting added to the actual page source - meaning that I have to actually FTP in to my server and manually remove the link from the template's source to fix the problem.
This happened once recently after I approved some comments, but has since happened after I've approved nothing. The other site that was hacked had a script injected into a straight HTML page.
SQL injection seems the most likely culprit, but because of the plain vanilla HTML page on the other site being affected as well, I sort of doubt it.
Anybody else experience anything like this? I've had my site clean for a while and hopefully it doesn't happen again going forward, as I contacted the hosting's owner and he apparently hardened the system a bit, but I'd still like to know how this is happening.
When hacked, my site gets listed as an "attack site" in Google's search results, and Firefox (3 at least) displays a warning page before allowing you to access it. This crushes my traffic, as most of it comes from The Goog. I actually appreciate this, as it prevents people from getting infected and lets me know that I've been had again, but as stated above, my traffic goes right into the #*$!ter until I can clean and Google re-indexes.
Any and all help is appreciated.