I thought it was only donnaville that was infected… nope! All my sites! And I’ve got a bunch. I ended up restoring a backup from 2 weeks ago for them. It worked fine. In fact, I am thinking I may do the same thing for this site since one of my other sites somehow kept the current posts which is why I didn’t want to do a restore here, thinking I may lose the last couple weeks of entries. My big fear is that there are more infected files on donnaville that I am just missing. That’s the reason I am thinking of doing a restore here too. I do not understand the hacker’s mentality. I understand they are making money but STILL! It’s just rude and obnoxious and plain EVIL!
donnaville
sugar and spice and everything groovy
Do you know if you’re servers are running Linux ?
Do you have shell access?
If the problem is always that same iframe line appearing, a couple of magic find’s and grep’s could set you right.
I think they’re running Windows, but I honestly have no clue. So far it seems that all is fine since I restored a back up of the other sites and cleaned up donnaville on my own. If this happens again, I may be asking for more info about find’s and grep’s.
Maybe your ISP’s application servers have become infected and all sites hosted by them have the same issues that you have discovered?
Sure thing – if you need help shoot me an email