Thanks, good idea. it's blacknight, and my site has not changed at all in several months. Do they do this at all does anyone know? I'll mail them and ask...
My site was up to date with wordpress v3. I think some of these are actually viruses on your computers that get into your website via your pc - or so I'm told anyway... Where should I be looking in wordpress files to try to find the malicious code?
Is there anything you can do to prevent future atttaks
You could check the file modified dates in ftp, any files with more recent modified dates since you last updated them might be hacked files. Check index files and htacess files in particular for anything dodgy and update your ftp passwords incase they are comprimised.
Once malicious code is detected you have to remove it carefully.
Then protect website from being hacked:
1. add extra authorization for admin panel (e.g. allow access from particular IP)
2. make most of files and folders "read-only"
3. upload, cache and temporary folders make writable but put .htaccess into them to deny access to .php files inside
4. disable system functions of php: popen,exec,system,passthru,proc_open,shell_exec,ini_restore,dl,symlink,chgrp,putenv,getmyuid,fsockopen,posix_setuid,posix_setsid,posix_setpgid,posix_kill,apache_child_terminate,chmod,chdir,pcntl_exec,phpinfo,virtual,proc_close,proc_get_status,proc_terminate,proc_nice,getmygid,proc_getstatus,proc_close,escapeshellcmd,show_source,pclose,safe_dir,dl,ini_restore,chown,chgrp,shown_source,mysql_list_dbs,get_current_user,getmyid,leak,pfsockopen,get_current_user, syslog