Hi,

If they're adding it into the misc-scripts section of your admin then it sounds like they either have database access or access to your admin area.

Change all your passwords immediately (FTP, Database, Admin)

You should always apply the latest security updates too.

JHLC posted some excellent advise on how to recover from a hacked website on this post:

https://community.magento.com/t5/Technical-Issues/Possible-hack-or-virus-attack-on-my-magento-websit...

I just updated to the latest version - would the security fixes NOT be included in that?

PWs are very secure dont see how anyone could guess them.

Just got another injection - code added to script section.

this could be from anywhere, if you host another sites in the same server, then you need to scan your server with maldet and clamav.

usually they will find some backdoors for bots. wordpress and jooomla are 95% cause.

Hi,

I completely agree with MagenX. If you're sure your magento is up-to-date and you have changed any passwords (including mysql, ftp, admin) then it will almost certainly be some other software on the server that is affecting you.