Georged8 – I found it, the malicious code was indeed in the .htcacces file and seemed to be injected by the social plugin mentioned before.
Thank you VERY much for your quick help. Cost me three hours of my life but learned something new I guess. Why anyone would do this to an insignificant Dutch MMA website is beyond me, but oh well.
Hi Steve, thanks for the help there. Following the guide currently. A lot ends up with me having to pay (a lot) for a service which is my last resort.
Georged – looked in the footer and header, nothing strange turns up. .htaccess is not present in my root directory when using an FTP: is it not there or should I look for it elsewhere?
