Should I upgrade from IIS 6 to IIS7? I'm running YAF 1.9.3. I've been having some security issues on my website (A bot keeps inserting scripts calling executables). I've done the usual password changes. I changed computers to change the password to avoid keyloggers. In fact I upgraded form 1.9.1.7 to 1.9.3 largely in an effort to clamp down security. I was hoping the flaw was in 1.9.1.7. Originally they were in html files and the aspx files for YAF. This time they were just in the ASPX. So I'm wondering in running IIS6 might be to blame, just figuring it's older and likely less secure than II7.

However, I'd heard some people say they had troubles running YAF under II7. Should I upgrade form 6 to 7 or is there a security hole in YAF that lets in scripts that I could close?

I develop YAF under IIS7. No troubles... The main thing to note is that modules and httpHandlers have been moved in IIS7 web.config.

I believe the security issues are related to your HOSTING, not YAF. I'd know if there were major security holes like script injection in YAF.