Some bonehead is changing all the [url removed, login to view] and [url removed, login to view] pages, including subfolder and .htpassword protected folders.
I notice two different changes
1. Typical change is
&lt;body bgcolor="#FFFFFF"&gt;&lt;iframe src="[url removed, login to view]" width=107 height=177 style="visibility: hidden"&gt;&lt;/iframe&gt;
2. Another change injects php code to 1st line
I have two forms on the website which may be likely vulnerabilities - one to a email list and another contact form. I normally get a garbled email which alerts me to check the webiste.
email message looks like this
CyMwdC dkxhijsxjwll, [url=[url removed, login to view]]mgjdmpgwemrf[/url], [link=[url removed, login to view]]iimwqqiphvwm[/link], [url removed, login to view]
I have blocked China traffic using .htaccess
I have blocked known bad spiders in [url removed, login to view]
I have removed webalizer
Bonehead is coming using a IP from Germany, but thats probably a proxy.
I have already re-uploaded clean files.
Bid only if you have solved this problem before (have experience) and already know what to do.
Do not bother if you have to guess.
My contact us file is attached in case you want to see it before your bid.