I have had an eBay site inserted in coppermine directory. It was not a password hack, as I've gone through that with the hosting company.
What exactly needs to be cleaned up after running an update. I've faithfully updated all along was at 1.4.10 and my site was shut down while they could figur eout what's going on.
It seems that they upload a file to the gallery, and some how that does some sort of "insert" into \public_html.
Again running what I thought were clean upgrades, run when instructed to by checking here.
Are there some things to look for to see that the install is not clean and maybe I have some older files?
Read that announcement thread http://forum.coppermine-gallery.net/index.php?topic=31534.0
Should give you most info you need