So, I built my first website for a friend last year. It's only seven pages of HTML and has only a few instances of JavaScript (Lightbox and an image slider on the homepage). Last week my friend was notified that the site had been blocked by Google and subsequently his account was suspended by the web hosting firm.

I found a malicious script on the homepage, which I deleted. Like an idiot, I didn't change the login password after doing so, and the script reappeared. This obviously suggests that the hack is due to someone cracking into the account and not a code injection - I'm presuming a code injection is not actually a possibility as the site has no executable files (PHP, ASP, etc.; only JS) - could someone confirm that?

I've now changed the passwords for both the login and email login, as the email account was being used to send spam. I've updated all the JavaScript files to current builds and cleaned out a whole bunch of dodgy files from the home directory, including a bunch of PHP and images that were from the spam email.

What I'm most concerned about is that I found a MySQL file ('horde.sql') when I backed up the site and wondered if this could be related? A little Googling suggests this could be a normal file, but when I look up MySQL databases in cPanel there are none shown. I haven't created any (as I say, the whole site is just HTML/CSS), so could this be a dodgy database created under a different user account?

Thanks for any advice.