1. Scan your computer. Do it well using good software. Many web site hacks are perpetuated by malware you accidentally loaded and your computer is the source.
2. Do a password sweep. Change all passwords connected to the site - the control panel logins, the database connections, the FTP, everything. Change it all and use a secure password.
2a. Stop using regular FTP if you can, set up SFTP and use it instead; with regular FTP passwords are sent to your server via clear text with every file you transfer, leaving the data open to port scanning.
3. If it's
what I think it is [webmasterworld.com] (because it's so freaking common,) begin cleansing. Get into your database (likely phpMyAdmin) and search it all for <script and similar, or any patterns you found in the HTML files. Clean up the database.
4. Repeat this process with the entire file structure of your site, use a good text editor (like HomeSite or similar, HomeSite is no longer available but you can get it for free now, I think) and search **all** html, .js, .php, and other text based files. ALL.
5. If you're using open source software, patch it, update it, re-read the best security practices and make sure ALL of them are implemented (you'd be surprised at how many sites I still find the "setup" or "install" directories in place.) If your site is custom programmed, start looking at how secure your coding practices may be (too long for this thread.)
6. Re-upload site.
If it comes back, it may be you're on shared hosting and it's some other site on the box that is being compromised. Take your files and run.
