After finding the script that caused all my stress, and several ftp accounts on my account that I didn’t create, I find out on several forums that this is something specific to Servage and its lack of security.

I find it unbelievable that you haven’t notified your clients, or at least ran a script on all your servers to see who got infected.

<postscript>after cleaning up and re-chmodding the whole tree before Christmas, this thing repeated itself just after the holidays. Apologies to those who ran into the silly javascript. I have moved to a new hosting account and switched to VPS.</postscript>