Ok,
I am having big problems with iframes being put into my php scripts, and I have been told the only way to fix it is mod_security.
So I am wondering is this infact true and will it play well with Interworx. I have never had suck hacker problems before.
Who and/or what is putting them into your PHP scripts?
Dont know… from the looks of the page the iframe loads its a russian group.
It looks more like they know your FTP or SiteWorx passwords then, unless it is some kind of form where they can submit comments or similar. You could use this code to stop them (change the variable if necessary):
$comment = str_replace("<iframe", "", $comment);
This would render their iframe code completely useless. You could also copy it and replace Javascript, Applet, Image or any other html tag 
Yeah, its probably some kind of “injection” code. I think that refers more to SQL injection and getting data out of a database, but i think this follows the same idea. Any big text feild entries on a from must be check for this kind of thing.
If it is an SQL injection, this would work really well at removing the html tags and preventing injections:
$comment = str_replace("<","<",$comment);
$comment = str_replace(">","&rt;",$comment);
$comment = mysql_real_escape_string($comment);
Nope this was a hack job… they got a file onto the server that let them run ecex commands. I paid someone to help me. Most likely was an exploit in 4images or CuteNews.
Either way disbaled some php funcations so there stuff would not work anymore.
Now time to clean the 7000+ files with the iframe in it.
Thank you what I needed to know 