What I found was some code had been added after the closing HTML tag on the page which pointed to Google-analysis. At first I thought this was some odd response of a beta browser to google analytics but on further investigation found it to be a Trojan.

At this stage I thought it could have been either our ISP trying to track our usage or our host, so I uploaded the page again and the problem disappeared. In further investigation I found that our hosting provider Smartyhost has had problems with this as far back as March of this year, and there was quite a few reports of infections and reinfections after the code had been removed.

I phoned up smartyhost support and asked them to explain why this had happened, why it has not been fixed 6 months later and why they had not informed their customers. The guy couldn’t really answer but said to stop reinfection I should change my password, and write a complaint by email.

First I went to change my password and found that I was warned not to do that due to certificate issues as I logged in. I know that smartyhost have taken the thankfully unusual approach of signing their own certificate, but am unsure if this is the problem or they have further infections. Eventually I decided I was not game to do this.

Having had all these issues I sent what I think was a strongly worded but business like email to them asking for a response in 4 hours, which I think is reasonable especially as they have had 6 months to work up a stock reply. 6 hours later and no response.

The moral of this story is that Smartyhost does not seem able to cope in any way with this sort of issue and I would strongly advise you to think twice before using them. If you are already with them I would probably say change your passwords if you date and get out fast!