smh.... I'm laughing from delirium ...really... I mean it's just so freaking funny... And I can't figure out why or how... well why doesn't really matter; I Googled and found lots of other sites hacked with the same iframe so I'm not the target specifically, but damn man....freakin A.... hackeddddddddddddddd before you say: 1. they were various blogs and not even all that were on the same host/account. Meaning: a. I have one reseller account that has 4 'accounts' on it. One one of those accounts I have 15 blogs. Only 7 were 'affected'. Of those 7, 6 were wp v 2.7.1 and 1 was 2.8.2. Of those 7, 2 were established last year. One of those two was established the same year as another one of those 15 blogs and yet that one was not affected. b. None of the blogs on the other 'accounts' were affected even though they were created only a month before the ones on the affected account. 2. I did not update my older blogs because of the recent problems with the latest versions of wp and the plugins I was using so I decided to wait until everything was fixed, but the afflicted sites varied in their wp versions! 3. I did not use the same passwords on any of the blogs. 4. I manually installed half of the afflicted blogs! [and before you say it, I manually installed some of the ones not afflicted too]. M A N U A L L Y! I was sooooo manual about it that I made nifty db names and db user names and nifty passwords and generated new 'security' keys for each and every config file...........GRRRRRRRRRRRRRRRRRR...... 5. I haven't found another blog on my other accounts yet that has been affected and these are blogs I setup either on the same day or same week or monthish as many of the afflicted blogs. Before you say anything THERE: a. Most of those accounts are with the same host as the ones affected [hostgator btw] b. I haven't updated those either but they vary in wp versions too. idk what went wrong. :/ All variations of this link are iframed in the afflicted files too: Code: http://c9u.at:8080/ts/in.cgi?pepsi147 I wouldn't even have noticed if I didn't actually login to my adsense and notice some channels not performing. GAWD! K so this is my first time being hacked [scratch that--I have been hacked before, but not while using Wordpress] so I am just blah. But at least now I have stopped laughing... the delirium has subsided...I needed to vent....Now to fix the sites............gawd.