mx209

Ditto..to the problem on Mosso..i cleaned everything up, locked everything down, switched from ftp to sftp. Disabled every other login..only have one used from one location..problem was back today.

Mosso is my hosting provider. As far as 777 is concerned. I know directories should NOT have this permission, but is it an issue if some files do?

thanks for asking. Before today, we used regular FTP...after you suggestion I have switched to SFTP...if my ISP had the smarts to look at the IP's they could probably tell me if someone other than me accessed the site..we have one ftp and only use it from one location.... can you share who your ISP is (first letter perhaps)...this may be ISP specific/related..

Had the same B1 problem today, judging from other comments it looks like its going around. We have one FTP account that is used from one location so not sure how this happened. - mostly index.php and index.htm files touched - some .xml (I guess ones with html inside) - handful of other PHP files affected (had to contain html) - looking at the XML files affect, it seemed if found a HTML block and put the following after it: <b1><!--em5MZER2eNoly1EKgCAQRdEV5ZPKqOWYDiU0DsQLW35Cv/dwoZVgvA+hHzEFP68BWdRcK7lHjSzJJVM02ZGsUvqw+A2/D+dDWnWvXh/JFhpm--></b1></body></html> Our ISP isn't very being helpful on this one. Has anyone found out how their systems were compromised. Is this via FTP, injection?