We're frequently finding lots of php files (for sunglasses, mainly) in amongst our SilverStripe files on one of our websites. I clear them out pretty regularly, and have instructed the client to remove all unnecessary users and have changed passwords on SS, hosting, FTP etc. SilverStripe itself seems OK - I've not found any pages or blog entries which seem to have been tampered with.
It's an older version of SS (2.4.9), but it's a huge site and upgrading to the current version isn't a practical option. The hosting isn't handled by us, and the hosting company isn't interested in helping us resolve the issue.
Is it likely to be a weakness in SS, the hosting, or something else, which is allowing unauthorised access to the webspace? Any advice or pointers would be gratefully received.
For obvious reasons, I'm not going to disclose which website is involved and I appreciate that this may limit any help or suggestions.