I received an email this morning:
Your 1&1 hosting account has been attacked via an insecure PHP script you installed on your webspace. You will find an analysis of the attack and instructions on how to secure your webspace against future attacks in this e-mail.
1. Analysis of the attack
1.1 Your following software allowed hackers to misuse your webspace: /kunden/homepages/21/d335407014/htdocs/dancemagic/wp-content/themes/InStyle/epanel/page_templates/js/fancybox/jquery.fancybox-1.3.4.pack.js
1.2 In order to impede further attacks, we have disabled these files. Please note that part of your websites may be impaired.
1.3 You will find information on the technique the hackers used on:
http://en.wikipedia.org/wiki/Remote_File_Inclusion
http://en.wikipedia.org/wiki/Code_injection#Include File Injection
2. Required measures
In order to reactivate your websites and re-establish the security of your 1&1 account, replace your following software with an updated and secured version: > You will further information on:
Please note: Hackers will very probably return to your website. This means that the attack will reoccur as long as this piece of software is not updated.
IMPORTANT: Such attacks represent a serious danger for your webspace. In the future, please check the websites of your software vendor for security alerts and update notifications on a regular basis.
PLEASE HELP!
I have completely emptied my root directory and reinstalled from a known clean back up and yet when scanning the website it still shows that I have malware and injected code from using something called IFRAME.
I am not a newbie in terms of web development but in dealing with something like this I have little to no experience.
Any advice would be welcome.
Thank you for your time