Getting screwed over, need urgent help.

view full story

http://forums.cpanel.net – Hi, Since about a week we have been getting LOT of complaints from our datacenter about a few of our webs holding phishing pages, shells, deface pages etc etc. I have tried clamav, maldet but they don't seem to help a lot. I just got another complaint. The site is not EXACTLY defaced, but it has a "hacked" page uploaded inside Code: wp-content/themes/twentyten/x.php Not to mention the site is using wordpress. My question is, how can I check when and how this file was uploaded? And what can I do to prevent these things? (HowTos)