Thanks for the tip – I have an issue though – everytime I clean the files… a few days later the attacker has just added them somewhere else..

I have a web server with many clients on it, and its always this one client’s website that is being hacked. I have had her change her passwords, and one time I changed them just to make sure they were really changed…I downloaded a blocker by IP/country to block everyone outside the US(yes I’m aware the attacker could use a VPN) – I’ve installed WordPress from scratch so that no files were carried over, I keep the site and server completely up to date (Centos w/ Virtualmin and Webmin) – I’ve reinstalled all plugins…I’m at a loss here at what else to do…

Any help or quick links would be appreciated…I know you’re busy but this is ridiculous. If anyone has ideas, please post them because I’m sure there are more people in this situation…