Well who would have thought it was worth spending the time to brute force an ftp login and then replace all the html and php files with the same file including a small iframe to inject some iffy code into the browser. Well someone did and was happy to spend a few hours down loading , modifying and uploading by code.
Fair play to Google who spotted it and flagged it, although at the time I had no idea what was going on, and I was quite impressed with Dream Hosting.co.uk who responded to by query quickly saying that some Italian IP address was uploading files as we speak. Great recovery system they have, a few clicks and all the files were restored to the previous nights state… after changing my password of course.
All clean now. www.poppit-sands.co.uk