I have a site I'm building for a client but I've come across a real problem.
The site I'm building (http://waynefarrell.com) has now been hacked twice.
The first time whenever I tried to access the login page I would be redirected to some site called antiviru.ru. After trying a few things to stop this (unsuccessfully) I had to delete the WordPress site and rebuild it.
For a while afterwards everything was fine but yesterday a new problem started occuring.
Now what happens is every time I click into a new page on the site I'm immediately informed by my Norton antivirus that an intrusion attempt on my computer has been blocked. Below are the details Norton gives me:
Intrusion: HTTP Neosploit Activity 3
Intruder: localhost(3643) - this number changes each time.
Risk Level: High.
Attacked IP: http://www.mediagotech.com(22.214.171.124)(CAUTION!!) - The website name changes occasionally but the IP is always the same.
Attacked Port: http(80).
I have no idea how to deal with this problem. I've changed passwords and file permissions to no effect so far. As the site actually belongs to a client I need to sort this out as soon as possible.