system
9
We have finally found a solution today … thought Id let everybody know in case somebody has a similar problem.
We cleaned all the front-end through Windows Defender and Ad-aware Lavasoft. No virus was found, so we figured the problem was in the database somewhere.
Somebody then suggested we look in the facileforms subrecords in PHPmyadmin. I realised then that somebody who has nothing better to do with their lives inserted a script via one of our forms. Apparently this is called cross-site scripting … they insert some javascript into a form, which looks to another website hosting a Trojan, and so it looks as though there is a Trojan on our website. I deleted the offending records. Were running the most up-to-date version of facileforms It seems the only way to stop this from happening again is to check the database daily and delete any subrecords that have a script in them.
Thanks for your advice Absalom, however were running PHP 4.4.4 I believe so I dont think that was the problem.
During the past couple of weeks we have contacted our web host several times and they would not answer even the most routine questions, such as “are you running Front Page extensions on the server”. I am not impressed.