The difference between the main site and store pages is the query
strings. Main = appears to be all or mostly static .html pages. Store
= dynamic PHP with query strings.
If there is still a problem, it is most likely SQL injection on your
PHP pages. See recent posts here about Asprox for info about this type
Here's an example of the problem:
What if someone calls the page, but puts a URL where "specials" should
Study your PHP script to determine what the page will do under that