Security Breach on Wordpress Site - How is it happening

         

jg123

8:19 pm on May 7, 2008 (gmt 0)

10+ Year Member



I am having a problem on my blog: it keeps getting de-indexed by Google for hidden text spam, and I keep finding this huge block of spam in the header file. It has hundreds of links. I deleted it and it was back a few days later. I just changed the password for the blog and am hoping that solves the problem. No other sites on my hosting have had any problems, so I don't think the breach is on that end. Could there be some malicious code that automatically places the spam back in? Here is my header code; maybe someone could take a look and let me know if they see anything strange?

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<?php require_once get_template_directory()."/BX_functions.php"; ?>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta name="verify-v1" content="kFOYSu6iYNeX3gOagKzN+DqxCx+LhvNy1TOT/9bs0=" />
<title><?php bloginfo('name'); wp_title(); ?>Yadda Yadda Title</title>
<meta http-equiv="Content-Type" content="<?php bloginfo('charset'); ?>" />

<meta name="Keywords" content="yadda, yadda, yadda">
<meta name="Description" content="Yadda yadda yadda">

<meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
<link rel="stylesheet" href="<?php bloginfo('stylesheet_url'); ?>" type="text/css" media="screen, projection" />
<link rel="alternate" type="application/rss+xml" title="RSS 2.0" href="<?php bloginfo('rss2_url'); ?>" />
<link rel="alternate" type="text/xml" title="RSS .92" href="<?php bloginfo('rss_url'); ?>" />
<link rel="alternate" type="application/atom+xml" title="Atom 0.3" href="<?php bloginfo('atom_url'); ?>" />
<link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" />
<?php /*comments_popup_script(520, 550);*/ ?>
<?php wp_head();?>
</head>

<body>
<div id="container"<?php if (is_page() && !is_page("archives")) echo " class=\"singlecol\""; ?>>
<!-- header ................................. -->
<div id="header">
<p style="text-align:left;line-height:75px;">
<a href="http://one.example.com"><img src="http://www.example.com/logo/some.gif" alt="http://one.example.com" style="float: left;width:340px;margin-top:28px;" /></a>
<a href="http://another.example.com/"><img src="http://another.example.com/media/external/someother.gif" alt="" style="width:344px;float: right;margin:5px 10px 0 0;"/></a>
</p></div>

<!-- navigation ................................. -->
<div id="navigation">

<ul>
<li<?php if (is_home()) echo " class=\"selected\""; ?>><a href="<?php bloginfo('url'); ?>">Home</a></li>
<?php
$pages = BX_get_pages();
if ($pages) {
foreach ($pages as $page) {
$page_id = $page->ID;
$page_title = $page->post_title;
$page_name = $page->post_name;
if ($page_name == "archives") {
(is_page($page_id) || is_archive() || is_search() || is_single())?$selected = ' class="selected"':$selected='';
echo "<li".$selected."><a href=\"".get_page_link($page_id)."\">Archives</a></li>\n";
}
elseif($page_name == "about") {
(is_page($page_id))?$selected = ' class="selected"':$selected='';
echo "<li".$selected."><a href=\"".get_page_link($page_id)."\">About</a></li>\n";
}
elseif ($page_name == "contact") {
(is_page($page_id))?$selected = ' class="selected"':$selected='';
echo "<li".$selected."><a href=\"".get_page_link($page_id)."\">Contact</a></li>\n";
}
elseif ($page_name == "about_short") {/*ignore*/}
else {
(is_page($page_id))?$selected = ' class="selected"':$selected='';
echo "<li".$selected."><a href=\"".get_page_link($page_id)."\">$page_title</a></li>\n";
}
}
}
?>
</ul>
<!-- search form targets the blog URL; echoing $_SERVER['PHP_SELF'] unescaped here would reflect the request path into the page -->
<form action="<?php bloginfo('url'); ?>/" method="get">
<fieldset>
<input value="<?php echo wp_specialchars($s, 1); ?>" name="s" id="s" />
<input type="submit" value="Go!" id="searchbutton" name="searchbutton" />
</fieldset>
</form>

</div><!-- /navigation -->

<hr class="low" />

[edited by: phranque at 8:54 pm (utc) on May 7, 2008]
[edit reason] No urls, please. See TOS [webmasterworld.com] [/edit]
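The symptom above (a hidden block of hundreds of links that reappears in header.php) can be checked for with a small scanner; this is an added example, not code from the thread or from WordPress. It flags links inside elements styled out of view, flags obfuscated PHP of the kind that re-writes a file on each request, and snapshots file hashes so a re-injection after cleanup is caught; the sample spam block is constructed, and the patterns are heuristics that may also match legitimate markup.

```python
import hashlib
import re

# Containers hidden from readers but visible to crawlers: display:none,
# visibility:hidden, or an element positioned far off-screen.
HIDDEN = re.compile(
    r'<(div|span|p)\b[^>]*style\s*=\s*["\'][^"\']*'
    r'(display\s*:\s*none|visibility\s*:\s*hidden|(left|top)\s*:\s*-\d{3,}px)',
    re.I)
LINK = re.compile(r'<a\s[^>]*href\s*=', re.I)
# Obfuscated PHP frequently used as the dropper that keeps re-inserting the block.
OBFUSCATED_PHP = re.compile(
    r'\b(eval|assert)\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(', re.I)


def hidden_link_count(source):
    """Count <a href> tags inside elements styled so a visitor cannot see them."""
    total = 0
    for m in HIDDEN.finditer(source):
        # Take the region up to the first closing tag of the same name (no nesting).
        close = re.compile(r'</%s\s*>' % m.group(1), re.I).search(source, m.end())
        end = close.start() if close else len(source)
        total += len(LINK.findall(source, m.end(), end))
    return total


def scan_source(source, min_links=20):
    """Findings for one file's text: hidden link stuffing and obfuscated PHP."""
    findings = []
    n = hidden_link_count(source)
    if n >= min_links:
        findings.append('hidden-link-block:%d' % n)
    if OBFUSCATED_PHP.search(source):
        findings.append('obfuscated-php')
    return findings


def fingerprint(files):
    """SHA-256 per file; `files` maps a path to its bytes (Path.read_bytes() each)."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in files.items()}


def changed_files(baseline, current):
    """Paths whose hash differs from, or is absent in, the known-clean baseline."""
    return sorted(p for p, h in current.items() if baseline.get(p) != h)


# Constructed sample resembling the injected block described in the post.
SAMPLE_SPAM = '<div style="display:none">' + ''.join(
    '<a href="http://spam-%d.example/">x</a>' % i for i in range(200)) + '</div>'
CLEAN_HEADER = '<div id="header"><a href="http://one.example.com">Home</a></div>'
```

Snapshot the theme directory with `fingerprint` right after a clean install or cleanup and diff against it on a schedule; a header.php that changes without an edit of your own is the re-injection the poster is asking about.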

phranque

11:32 pm on May 7, 2008 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



there is a currently featured home page discussion on wordpress security exploits [webmasterworld.com].
have you upgraded to 2.5.1?

jg123

1:40 am on May 8, 2008 (gmt 0)

10+ Year Member



thanks for the link, I will try the upgrade on one of my least busy blogs to see how 'automatic' it really is. I find it weird that just one of my blogs (out of around 30) has been hacked, but I guess it is just luck with hundreds of thousands of blogs on the web.

The really stupid thing is that the hacker inserts around 200 hidden spam links into the header file and Google catches it right away and takes the page out of the index. If the spammers were not so darn dumb they might actually get a benefit of more than a couple of hours from their scams.

pageoneresults

2:02 am on May 8, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I find it weird that just one of my blogs (out of around 30) has been hacked, but I guess it is just luck with hundreds of thousands of blogs on the web.

If you haven't upgraded your WordPress installs, it's just a matter of time. If they found the one and then can follow the network and find the others, you can be assured that the others are on the list. :(