in my blog (electricbeach.org) there is some advertisement spam inserted at the end of the page. This is happening through something added to the end of the blog_header.php file. It is some cryptic script, a long list of spam links and then another small scrip block.
I can remove these entries from the php file, and temporarily things are good, but next day the problem is back.
I can't find how this stuff gets injected in the file. Any idea how to diagnose this further?
I checked the DB for a hidden admin account, in case this is what is happening, but I can't see anything in the user DB.
Any help welcome!