Hacking of wp-config.php resolved

I’ve just managed to resolve a hacking issue that’s popped up for the second time. I don’t know what the exact issue is, or where it started, I’m hoping the community could help resolve this for me.

Every once in a while my wp-config.php gets hacked and the following line gets added:

require(‘/usr/www/users/SITENAME/wp-content/uploads/2009/05/themes.php’);

It’s happened twice now, both instances also create the file themes.php.
I then copy all the .jpg files in 2009/05, delete the other files created (it numbers in the hundreds of garbage files).

Symptoms I normally get are:

Links that get referred via Google end up on a blank page.
There are links referring to movie websites in the footer
The site load times double
The homepage shows no new content – it stays the same as the first date of the hack.
The admins don’t see the hack at all, it only gets displayed to non-admins.

I’ve locked my wp-config file to 640 now, as well as locked the 2009/05/ directory. I’d really like to know what the source of this hack is, so if anyone else has also experienced this, or knows how to solve it I would greatly appreciate it!