I'm sorry to hear that this is happening to you--exploits like this can be extremely disruptive and troublesome.
I've had opportunities to help in such dire circumstances before and I believe I'll be able to get to the bottom of this for you relatively quickly. Whether the problem is server-side or client side, I'll find a solution.
One question, though--are there any binary (or Java bytecode) files for which you don't have the source code or debug symbols? What are your servers hosted on?
My usual process for this kind of thing is to make a perfect copy of the entire server environment, from software to clients, and use it to run tests. If you're running on Amazon EC2 or any other virtual server instance that will be extremely easy, otherwise the job will be much more complicated.
Thanks!