I have two domains and webhosting and email services for these domains were compromised recently. Some fucker had decided to hack into both my private website and work website and inject code into them. I had a massive argument with the webhoster about the cause, because two virus scans with different scanners didn't pick up anything, and nothing else EXCEPT this hoster's services were compromised. Not my FTP account with another service provider, not my Google account, not my Steam account, nothing. It has only been with this particular hoster.

Now my email has just been hijacked by some kind of spambot and they're claiming once again that the problem is at my end, and yet I have my two private - non-hoster - email address in the same places, and that hasn't been compromised.

Am I going completely mental, am I missing something here, or is my hoster trying to push their security problems onto me?

depends... what Webhosting Plan do you have?

- Usual Webhosting with eMail? -> If the server got compromised, it is the hoster who has to act. If just your page got compromised by using a security hole in one of your scripts, if is your responsibility.

- V-Server / Root Server? -> You are fully responsible for security.

- Managed Server? -> Hoster is resposible for server security, you are responsible for security holes in your scripts.

Nah, it was an FTP vulnerability. The hoster tried that one with me, but failed to notice that the page that had been injected was pure HTML. Nope, just plain old webspace hosting, FTP access and email. No root access to the server (it's a common gateway shared by other customers).