I found a malicious script on the homepage, which I deleted. Like an idiot I didn't change the login password after doing so, and the script reappeared. This obviously suggests that the hack is due to someone cracking into the account and not a code injection - I'm presuming a code injection is not actually a possibility as the site has no executable files (PHP, ASP etc only JS) - could someone confirm that?
What I'm most concerned about is that I found a mysql file ('horde.sql') when I backed up the site and wondered if this could be related? A little google suggests this could be a normal file, but when I look up mysql databases in cpanel there are none shown. I haven't created any (as I say, the whole site is just HTML/CSS) so could this be a dodgy database created under a different user account?
Thanks for any advice