Hi Jason,
Thanks for getting back to me so quickly.
I do use HTML editor however it is only available at an administrative level. Within the admin level I am also using file upload to upload pictures. Now there are 3 levels of admin access. 2 are in use at this time. The customer had me also add in a 2nd party iframe into the site. I'm not sure if it's possible to access the site through it or not. My fear is that it could be a wordpress or drupal site. I am having him check. I know this is a long shot. Link to that page is listed in the private message.
Also, on the site is an ecart application and I have created several admin pages with data assist. The search function is also used on several product pages.
One issue i had contacted you in the past was one of two locations where pictures are being uploaded. For some reason we ended up with two folders where the product pictures are uploaded needing to be set to permissions 777, or the pictures would not be uploaded. however in a section where the page information pictures are being uploaded the permissions are 755. The 777 make me nervous. However these folders are at a 2nd level. and are behind security assist. The files they are hacking into is the index.php file and loading a .htaccess file in the route of the site.
Just so you know the first time we were hacked we changed the username and password for the FTP as well as the MySQL password. Both complicated. This time the service provider also changed the place where the site resides on the server to see if they are in fact coming in some back door however this one test site is the only one they have attacked on the server.
Not sure if this means anything however they were able to change some of the ownership to be Apache driven. I can ask for more info on what they found there.
Overall it's just a frustrating experience, especially since we were hoping to go live in a week or so after proofing the content. But now should we wait a few weeks to see if they come back?
Not sure if I covered everything here or not. Let me know if you need more information or files. Thanks in advance for your help.