Hacking, please attend urgently

I reported this hack in the morning and also changed passwords. I don't think this hack is through a login. The hack is continuing. Please refer to the ticket: KVW-25174-105

I'm opening a thread here because I think this problem is serious and you should find out how the guy is getting in and doing this stuff.
We have received your ticket and are checking it. We will update you on the ticket with all the details.
These types of hacks are not through logins, but through pages they have previously put on your domain, at times even a year+ ago, as we have seen.

These are then being called and issued within your account to cause problems. The way hsphere works, it can be any domain on the same account, as each has a working group made and has access at group level to domains, so it can be any domain in an account, and generally speaking (not directly on your issue here) the more domains, the harder it is to find the one page/site responsible. I know some people put a lot of domains on one account for ease of management etc., but it does make it much harder to track down the issue when problems like these occur.

Thank you for the explanation. It seems quite difficult to find out how the file was created. Today, I found another one created in another place.

Idea: Is it possible to get an email notification as soon as a new file is created on my web site? That will help me catch this sort of hacking quicker. Otherwise, I will modify my 404 handler to catch such accesses and see if that helps.

On another note, sometimes it's difficult to explain a problem to your support. For example, I'm finding that I'm getting a lot of 404 hits from the malware hosted on WORDPRESS sites (not mine but other web sites). In this case, the user-agent is always WORDPRESS. I want to block all such bots from wordpress coming to my web site. If it were .htaccess based, I could do blocking based on some articles I found on the web. But I don't know how to block on my Windows hosted web site. Any ideas?
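Added example, not part of the thread and not the host's own tooling: one way to catch newly planted pages like those described above is to hash every file under the web root, keep that as a known-good baseline, and compare later scans against it. It assumes the site's files are reachable as a local directory (for instance a synced copy); the extension list, function names and sample files are constructed for illustration, and sending the e-mail is left to whatever scheduler runs the scan.

```python
import hashlib
import os
import tempfile

# Assumption: extensions the server would execute on a Windows host.
SCRIPT_EXTS = {".asp", ".aspx", ".ashx", ".php"}

def snapshot(root):
    """Return {relative path: SHA-256 hex digest} for every file under root."""
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            files[rel] = digest
    return files

def compare(baseline, current):
    """Report files added, modified or removed since the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in current
                      if p in baseline and current[p] != baseline[p])
    # New or changed server-side scripts deserve the first look.
    urgent = [p for p in added + modified
              if os.path.splitext(p)[1].lower() in SCRIPT_EXTS]
    return {"added": added, "modified": modified,
            "removed": removed, "urgent": sorted(urgent)}

def _write(root, rel, text):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def demo():
    """Constructed sample site: take a baseline, change files, compare."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "index.html", "<h1>home</h1>")
        _write(root, "images/readme.txt", "logo files")
        baseline = snapshot(root)              # known-good state
        _write(root, "images/cache.aspx", "constructed placeholder")
        _write(root, "index.html", "<h1>home</h1><!-- changed -->")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Keep the stored baseline outside the web root and replace it only after the reported changes have been reviewed, so a planted file keeps showing up until someone has looked at it.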