|
sucuri.net is a good start.
does your script use a database? have an admin area with elevated privledges?
allow uploads of images or posting of text?
if you can, scan all files for "base64_decode(" & other common tale tale signs of compromise. "can't remember off the top of my head but a quick google search should point you in the right direction".
|