I can’t speak for Magento as I have yet to install, except for a temporary demo install a few months back. Anyway, I had this same problem with Joomla! for the last month. The iframe malicious code injection was a downright nightmare - and it spread to all of my sites.
There were issues on my part and my hosts.
You can keep fixing that index file but I can promise you it will come back if you don’t take any precautions.
First - you should consider that you put it there from your own pc. So I started with malwarebytes.com and the hijackthis and got rid of few trojans - who knew.
Then you need to pass protect your admin folder through the cpanel option or whatever - so basically you have to login twice to use the admin interface. That helps alot. But again, if the virus is already in there, changing the pwds won’t help until you can get it out.
So use your ftp to see the dates of last access files - look for your folders that have an index.html ( which the viruses reside like the one mentioned above and you can double check from your original files and remove those looong number sequences, in Joomla anyway, not familiar with Mage to say for sure ) and then also the folders with the added .htaccess and random number .php file like this: BTW, I had 2,692 of these files to remove plus each one with an .htaccess to delete as well. Ouch.
A robot hits on a non eixistent file, the little buggers, and “looks” in the htaccess file which shows an error redirect to the .php file which refers back to ...... WHERE?? exactly.
So, you have to have your host run a clamscan or something on everything. And they won’t even catch the .php files most likely. Don’t even bother changing them until you find to script that it goes with. Mine was found running under Usage.php which looked like it belonged but clearly did not so that was immediately deleted.
Oh and make sure your host is running the latest on Apache and Php. And hope your existing installs are compatible.
And another way to check is unually high bandwidth for a site you know isn’t getting that much traffic. There are also randomly named folders with funny names like ‘water’ or ‘catch’ added that contain, get this - images like you get when you get spammed with drug and pill spams. Well they’re using your bandwidth to host those images! And you’re getting blacklisted.
Now I know this is alot and I’m not very organized in my thoughts here but that’s about how it felt going through this. And I’m pretty sure there were multiple types of injections in the sites for different purposes. If it was only one type then wow, it’s a pretty complex virus/trojan whatever.
So..... while I’m now convinced anything written in php is pretty much up for grabs by crackers, let’s not lay the blame totally with Magento as Joomla has the same problems and probably many more - still can’t figure out why people are flocking to PHP? And yes, I guess I’m a glutton for punishment because I’m going back for more and will continue to use both Magento and Joomla again until a viable yet affordable language comes along
Good luck and make a checklist for your host and yourself to get through the process. Keeps down on the runaround.
The totally depleted but not defeated -