jimbeetle - 10:17 pm on May 18, 2013 (gmt 0)
i suspect the host is to blame as they don't have a database or run any scripts except for a mailer (which is supplied by the host) ... maybe the ftp was hacked but i doubt it
The host doesn't have to be the to blame, the site doesn't have to run a database or any scripts. And *don't* doubt that the ftp was hacked.
Have your friend scrub the locl machine just in case a keylogger was downloaded. This is a *very* common technique for the bad guys to capture passwords. I was hit a few years ago.
i've cleaned it all up for them
Are you sure? Did you just clean the files or did you find the file the bad guys might have left behind?