On 28/09/2012, at 9:40, Roger <arelem@bigpond.com> wrote:
Further, If he (is developing on a windows home pc and) has no intrusion protection, high quality fire walls, etc, he could find that his personal machine is also hacked and that he is inadvertently placing the code while developing.
The FTP credentials stored on a desktop with malware are the most common cause of inserted malicious code, I've found. Another common one is a vulnerable version of Joomla, which is easy for spiders to find on the web. I'd recursive grep over the whole sites files for eval( and variations of '<scr'+'ipt>' used to inject html. also often the bad code will only be served to specific users to e.g. prevent google from detecting the site hosts malicious code