This isn't going to be the most detailed of posts.
I'm helping out a chap who has health issues, and his site has been penetrated. He created his site, which is static and not regularly updated, back in 2010, and the files tell me he used netobjects fusion essentials.
<META NAME="Generator" CONTENT="NetObjects Fusion*Essentials*(http://www.netobjects.com)">.
Unfortunately he's having trouble locating the site parent and the software. Fortunately he has got a backup of the html, so we've fixed the damage, but I'm trying to work out how it got hit. Guessing the ftp password is one possibility of course, but I've identified three different assaults, apparently for different lowlives, so it seems unlikely.

Another possibility is some kind of assault via a netobjects feature. He is using a rollover.js for navigation menus, which I am sure would have come with his version of Essentials, which version I'm unable to identify. It starts with

// Handles rollover images for NN3+ and IE4+
var loaded = new Array();
var F_menuIsEntered = false;
var F_menuIsCreated = false;
var F_menuAgt = navigator.userAgent.toLowerCase();
var F_menuIsGecko = (F_menuAgt.indexOf('gecko') != -1);
var F_menuIsOpera = (F_menuAgt.indexOf('opera') != -1);
var F_menuSubmenu;
var F_menuTable = new Array();

function F_loadRollover(image,imageName,menu) {


Unfortunately js is not in my skill set. Is it known whether there are any css injection or other vulnerabilities in this, and if so is an improved version available? Other than that there's no js or anything else that looks like a potential vector.

The third possibility, and my favourite to be honest, is that the problem lies elsewhere in the hoster, but there's nothing we can do about that.