Hi Russel,
late reply cause broken email server :(

Here some "generic" informations.
All major CMS (Drupal, Joomla, WordPress, etc)  suffer of vulnerabilities (=
even
if updated).
They consists of:
- base package (PHP, CSS, INC, etc)
- database (MySQL or others)
- add-ons and personalizations
The infection is
- some modification to base package
- pages modified
- admin user altered
- eventually other user: new and/or promoted to admin

You must:
- put the site offline
  a) rename some folder or start page is often enough
  b) change the database password
- check the files against the base package
- check the users' database
- upgrade the CMS and ALL add-ons/plugins to last version
- last, and worst: the pages are usually stored in the database. They can s=
till
contains bad data. Search the web for specific info...

        Nicola
--=20
http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
View/change your membership options at
http://mailman.mit.edu/mailman/listinfo/piclist
.