a friend's site has been hacked and I can't find the hole http://pembrokeshirepaths.co.uk/ looking via ftp, in WordPress, MySQL, I can't figure out where this is coming from. index.php is the usual WordPress file, there's no other index file in the root, database looks normal. ideas?