How do I figure out how the "Pharma Hack" hackers are gaining access to my site?

view story

http://serverfault.com – One of my sites has been the continuous target of the "Pharma Hack" - but it's using Drupal instead of Wordpress or Joomla. It is version 6, but it's updated to the latest version, and so are all of the modules that I have installed. I've changed passwords, deleted offending files, completely redone the installation of the site, but somehow they continue to gain access.. This site is a non-profit organization and it's seriously impacting our search results on Google, etc.. (HowTos)