My hosting company is telling me that my site is infected with a couple SQL Injections. I am not 100% if I believe them, it seems as if they are trying to get some money out of us. Is there anyway to have somebody look over our site and tell us if this is true? Our home page is wordpress and our forum is vBulletin. They are trying to charge $95 an hour for work. If anybody from here can do it for less, might consider keeping you on for long term database help.
Who is your hosting company and what is your website? PM me if you want me to take a look, I have quite a bit of experience discovering and fixing vulnerabilities.
Make sure the database user has the least amount of permissions required to run those programs. Then, make sure you are using the most current versions of vBulletin and wordpress. Then make sure all of your plugins are updated. Finally you need to look at any custom code especially if it involves accessing the database. Both of those software apps are vigilant in their updates especially if it involves a security. Generally if a site is susceptible to SQL injection it doesn't take long for the database to be compromised.
I can take a look at it for you if you want me to. I know my Username is FlashJunky, but I'm very good at PHP too!