We had an issue with our server being hacked and our WP site having an inframe injected into the code. So, we did the responsible thing and wiped, EVERYTHING.
Deleted all databases, deleted db users, files, folders, everything. Fresh server.
So we download the latest version of WordPress, new db, new passwords for cpanel/root/users/everything. The absolute instant that we install WP, manually of course, I view page source and find that there is an iframe injection on every page, including all wp-admin pages as well. Each iframe links to rifcity dot net.
I simply have no idea what to do. We've tried looking at it from different computers, different IP's, different States, still there. We have no idea what course to take at this point.
Server side we are using a managed VPS through WiredTree and they are falling back now that it's software side.