Somehow someone is hacking my default.aspx page and inserting script that redirects users to a virus site. I've been overwriting it each time it happens as I try to find the issue.
I'm on 7.04 (will be upgrading when possible). I've removed the entire Install folder and searched for any other PHP or ASPX page that could be suspicious and haven't found much.
I've also restricted uploads file types to just images. I've changed my FTP password.
What else can I do until I'm able to upgrade? Thanks for any suggestions.