Site built using iWeb keeps getting infected

I built a small site using iWeb and it had been great for about 2 years. But recently, the site keeps getting infected by some malware or virus. I have uploaded the site many times. Everytime I upload the site again, it would work for about a day and the same thing happens again. I contacted my host and they said, "there is a problem with the way your site has been coded. When sites are not coded properly hackers can infect it, this is called an "exploit". Our recomendation is you need to get your webdesigner designer to securly code this." I have no idea what he was talking about or if it is even true. Can someone please shed some light.
Thank you!

Is your website mainly static (X)HTML code or does it involve dynamic code using JavaScript/PHP? If it's purely static, then ensure that your password to the site is very secure.

Also, if you're on a shared account, it's possible that the hackers have gotten into someone else's account and if the security at your webhost isn't proper, they could access your files from there..

Regards

Thanks for your thoughts. I am a first time, novice WEB builder. That is why I used iWeb. My site is purely static.
I think you are absolutely right about the host not having their site properly secured because I can see other people's files who use the same host. i only use Cyberduck as my ftp software and I can go to the root directory of the host and see other people's sites and their files. i didn't think that would be possible, but it is. If I can see others, I am sure others can see mine and hence, infect or hack it. Time to change host, I think.
Thanks again,
Regards.

When you are viewing your site via Cyberduck, what permissions are you seeing and who is the owner of the files. The owner should be your login account on that host, and the permissions for static items should be 'rw-r--r--'. On folders you'll see 'rwxr-xr-x'.

Permissions listings have 9 columns. The first three are for the owner, the second three is for shared groups, and the last three are public. The 'r' means read, the 'w' means write, and the 'x' means execute.

If you have no scripts running on the host, then I think you hosting support person is pulling your leg that your code is the problem. For that to occur, there needs to be an 'in' to your site. A static site doesn't have that. For instance, iWeb does not create any server side scripts.

I have drwxrwxrwx on my account. But the funning thing is I can actually see that there are 4 other accounts with this same authorisation. Whilst most of the other accounts (about 200 of them) have dr-xr-xr-x. But the fact that I can even go into the root directory and see all the files being hosted on the host says to me that this host is not that secure.

I would tell the host that the permissions are wrong and ask them to fix them. If they don't, you might be able to fix them with Cyberduck via the Info command. The 'Apply changes recursively' option will apply you selection from the folder you are down the hierarchy. Do a test run on a lower level folder. You want to remove write permission from the 'group' and 'others'.

If this host doesn't want to fix the problem, then find a new host.

Thanks xstep! I will get the permissions changed. Hopefully that would be the end of this problem.