About once a week for the past two months, iframes or no-display JavaScript have appeared in CF pages on my website. The site is fairly large with like 500,000 pageviews a month. The aim seems to be either to get on the home page or on as many pages on the site as possible. Code has appeared in the site header, footer, banner ad script, sidebar ad script, and in files in obscure directories like unused Dreamweaver _notes folders. Each time it is found and deleted, it pops up someplace else.
Today I found it included in a file that is included in the home page in a very indirect manner. A script grabs the weather conditions. Another script runs the weather conditions hourly and writes it as an html file. The html file is then included in the home page. Getting something into the home page that way seems pretty sophisticated to me.
In any case, despite all we've done it keeps coming back. The host company is a small business that has been around for a long time and has been very good about solving other problems. The server, CF8 and IIS6, is shared hosting, but with a rather limited number of sites. Only my site is being affected. We've run HackMyCF.com, run antivirus scans and reinstalled problematic software.
On my end, I've scanned my PC with Microsoft Security Essentials and Kaspersky. The FTP password, which we've changed twice, is stored only in Dreamweaver CS5.5 and in a password-protected spreadsheet. Otherwise it's typed in. My employee has a new laptop and only types in the password. I host about 50 websites with various companies. My primary site is the only one with a problem.
What can be done? This has become a major pain, to say the least.