It looks more like they know your FTP or SiteWorx passwords then, unless it is some kind of form where they can submit comments or similar. You could use this code to stop them (change the variable if necessary):
$comment = str_replace("<iframe", "", $comment);
This would render their iframe code completely useless. You could also copy it and replace JavaScript, Applet, Image or any other HTML tag.
Yeah, it's probably some kind of “injection” code. I think that refers more to SQL injection and getting data out of a database, but I think this follows the same idea. Any big text field entries on a form must be checked for this kind of thing.
Nope, this was a hack job… they got a file onto the server that let them run exec commands. I paid someone to help me. Most likely it was an exploit in 4images or CuteNews.
Either way, disabled some PHP functions so their stuff would not work anymore.
Now time to clean the 7000+ files with the iframe in them.
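For the cleanup step mentioned in the last post, one way to locate and strip an injected iframe across a web root (an added example, not code from the thread). It assumes every injected tag loads from a single host; `injected.example`, the extension list and the function names are constructed placeholders.

```python
import re
import sys
from pathlib import Path

# Assumption: every injected tag loads from one known host. The value below is a
# constructed placeholder; substitute the host found in your own infected files.
INJECTED_HOST = b"injected.example"
SIGNATURE = re.compile(
    rb"<iframe\b[^>]*\bsrc\s*=\s*[\"']?https?://" + re.escape(INJECTED_HOST)
    + rb"[^>]*>(?:\s*</iframe>)?",
    re.IGNORECASE,
)
EXTENSIONS = {".php", ".html", ".htm", ".js", ".tpl"}


def find_infected(root):
    """Map each web file under root that carries the signature to its hit count."""
    hits = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in EXTENSIONS:
            count = len(SIGNATURE.findall(path.read_bytes()))
            if count:
                hits[path] = count
    return hits


def clean_tree(root, backup_dir):
    """Strip the signature in place, saving originals outside the web root."""
    root, backup_dir = Path(root), Path(backup_dir)
    removed = {}
    for path in find_infected(root):
        original = path.read_bytes()
        cleaned, count = SIGNATURE.subn(b"", original)
        backup = backup_dir / path.relative_to(root)
        backup.parent.mkdir(parents=True, exist_ok=True)
        backup.write_bytes(original)  # keep evidence and allow rollback
        path.write_bytes(cleaned)
        removed[path] = count
    return removed


if __name__ == "__main__":
    # Usage: script.py WEBROOT            -> dry run, report only
    #        script.py WEBROOT BACKUPDIR  -> clean, originals saved to BACKUPDIR
    if len(sys.argv) == 2:
        result = find_infected(sys.argv[1])
    else:
        result = clean_tree(sys.argv[1], sys.argv[2])
    for path, count in result.items():
        print(f"{count}\t{path}")
```

Matching on the injected host rather than on every `<iframe` leaves legitimate embeds untouched, and the backup directory should sit outside the web root so the saved originals are not served.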