[raducu]

The moral of the story should have been -- change your hosting provider the minute they commit such a blunder.

[aepiepaey]

The first time might have been forgivable, but with the second incident it was definitely time to change provider.

The conclusion for what happened is obvious: the host "patched" what the attacker had done, but not the vulnerability that gave them access. Thus, the attackers re-used the same attack later to re-gain access.

[bringtheaction]

Indeed. Like they say, fool me once, shame on you; fool me twice, shame on me.

However how do you go about picking a new provider? How do you know that anyone else is any better?

[twhiston]

nine.ch is better (disclaimer - I work for them ;) )