Server hacked: How do I fix, diagnosis and prevent?

Question

Possible Duplicate:
How do I deal with a compromised server?

WP Site (up to date with version & plug ins)
Cheap budget host

Inserted on all of my pages inside the tags are the following code

Fast Cash Advance Fast Cash Advanceif(document.getElementById('hideMe') != null){document.getElementById('hideMe').style.visibility = 'hidden';document.getElementById('hideMe').style.display = 'none';}

How do I remove this?
What steps can I take to prevent this from occurring again?
How can I identify the susceptible area?

Thanks.

Wipe the system, restore from your backup, fix the problem. – Zoredache Jan 10 '13 at 02:44 — Zoredache, Jan 10 '13 at 02:44

score 2 · Accepted Answer · answered Jan 10 '13 at 02:59

How do I remove this?

You need to restore from some backups.

What steps can I take to prevent this from occurring again?

The best ways which you can reduce the chance of getting a WP site hacked:

Change db table prefix to something else from WP default
Change WP default admin username to something else which no one can easily predict
Change the default admin dashboard (/wp-admin) URL to something else, using .htaccess rules, which nobody can predict easily. If you are confused with .htaccess rules, use some addons like stealth-login

Actually, if this is just a WP hack, ideally you don't need to wipe out your entire system. Since, you don't know whether its a complete server hack or not, it is better to wipe out completely and restore from backups.

Server hacked: How do I fix, diagnosis and prevent?

1 Answers1