Hi All, I'm new to these forums. Hello! The reason for my request...

2 years ago I was designing a web site for a customer using osCommerce. One morning I received a phone call from the customer who stated that there was an unusual amount of traffic coming into the site according to what they were seeing in the admin area. Initially I assumed it was me as I was working on it at the time, but then I had another call from them saying that they couldn't log into the site and update the products and that when they tried, it was coming up with a porn page with a request to download a video player. I discovered that the server (it was using the IP for access as opposed to a domain name so I did a lookup) that this page was held on was based in Turkey. I tried the admin area myself and knew straight away that the site had been hacked using injection techniques.

In order to try and figure out what was going on I...

1) Immediately checked the traffic logged by my ISP and identified the IP address for all the traffic (over 50% was from this IP at the time).
2) Pinged the IP to ensure it was still 'live'.
3) Entered the IP into my browser address bar.

The resulting page that loaded was a router which contained a TalkTalk username, which usually consists of the TalkTalk user's landline telephone number. I Googled the STD code of the number, which came back with a location in West Yorkshire. I sent an email to TalkTalk requesting their log file for the day for this particular IP. Their response was that they do not hold log files for an IP address, its sources or designations. I then created a screenshot of this page along with some other pages and sent them off to the Police together with a statement of my actions, the ISP log files, and traffic stats that had been created with Webalizer.

The police investigated the incident and reported their findings.
Firstly they performed a subscriber check on the TalkTalk username, which came back with the same address registered to the phone number that was in the username on the router page. They attended the address and confirmed that the occupants did not hack any site; the family didn't even know what was going on and were totally shocked. The Police then ran a subscriber check on the IP address that I had given them. They sent a report to the customer, who also passed a copy on to me. Their findings shocked me as they stated that the IP address came back to me! I haven't got a clue what happened here.

The Police dropped the investigation due to lack of evidence but the customer is now accusing me of hacking their site, despite me being the web designer. Can any security experts out there shed any light on what may have taken place here as I am at my wit's end!

Thank you all in response,
Darren.