All that means is that however they are getting in, they are changing different things at different visits. This is normal.
If you find no trace of the “attack” in your access, or error, logs then:
You are either not recognizing it when you see it
It’s likely not a compromised script at all, but very likely someone with your password(s).
Irrespective of what the poster at the other forum might be wondering there has been no “massive attack”. Now, I too have “found a lot of infected webs” on every host - primarily the result of people running old, unpatched software that is known to be vulnerable. The WordPress bloggers who can’t be bothered to upgrade are far and above the best example of this in the past couple of years.
–DreamHost Tech Support