lol, none that i can post here.

its not something that is black and white, i'm afraid the vector of attack could have been anything, but you can be sure that its probably one of these two:

1) The computer was compromised
The system where actinic was installed could have been compromised. Virus from emails or other means makes it trivial to replace 'index.html' files on the local machine. Actinic would then upload this as normal. I'd suggest that Actinic should md5 check all files on upload as well as generation, to stop this behavior.

2) The server was compromised
This takes 2 forms, and the second is usually the vector
i) ftp, its very possible for the ftp to have been compromised, because of the nature of the hack in question (some similar hacks also have content in databases).
ii) Web server based compromise.

This is most likely.

Due to the nature of Actinic (cgi-bin perl base), there were some vulns found in some perl. I'm sure they cleared all that up.

This type of compromise involves using security faults in server scripts to effect files on the server. For example, a script may accept form post. If this nput is not checked for safety, then its very likely that this input will be used to write malicious data to a disk, or even to a database.

The latter does not affect Actinic, since there is no database.

I think in this case, if this is a server based hack, its most likely that unchecked perl is the culprit, and if a local compromise is this crackers bag, then I cant vouch for the validity of the computer in question.

Regarding how this occasionally happens to Actinic sites, It could be that the server itself is compromised, and has nothing to do with the fact that Actinic is on it. some servers are very badly configured and there are *plenty* of avenues of attack, trust me.

On that note, i'd go for the simplest possible ecommerce package/setup/layout you can find/use/get/steal.

pmsl, i'm not moody you cad.