so some time ago (maybe two weeks) on my website strange &--#60;script&--#62;s started to appear. i can't understand how it's done but it redirects users to suspicious sites. i've done some digging on that matter, found out it could be an xss attack. some people recommended using htmlpurifier, so i included it onto my files. yet it seems it didn't stop the attacks at all, literally 10 minutes ago i had to manually remove &--#60;script&--#62; again. the script thingy contained this: (by the way, i see here &--#60;script&--#62; is filtered nicely, maybe I installed htmlpurifier wrong? my code below) my webpage consists of two .php files (index and one about author), cutenews folder (news system using text files instead of mysql) and htmlpurifier. my site is mostly made out of simple html, it's .php just because I wanted to include cutenews into it. could anyone help me? it's the first time I deal with stuff like that.