Thomas – Thank you for looking at my log files and for your feedback. As I mentioned in my initial post, this is all a bit new to me! So am I right in thinking that (in layman’s terms) an ‘injection’ is an attack where they get the server to run a malicious PHP script but in my case I’ve just had my FTP log-in details stolen by one of the many, many trojans on my computer?

At any rate, I’ll take your advice and do some more research into how I can turn off allow_url_fopen via HTaccess and hopefully that’ll improve my security.

Anirban – Fasthosts.co.uk host my site, I queried them specifically about SFTP and FTPS as alternatives to straight up FTP, I’ve pasted their response below:

“Thanks for contacting us with your support enquiry.

Unfortunately not as this is not something we currently have in place.

However in future we are considering these are an improvement.

Regards

Thanks again for contacting us."