
PHP Worm or my Server hacked -

php worm

         

sohaibkhan

5:15 pm on Feb 18, 2006 (gmt 0)

10+ Year Member



I am having a serious problem: every time I visit my web pages which have a PHP extension, it seems like somebody hacked some pages. In some of my pages I have seen that there is a script called some .ru or some Russian domain name:

<SCRIPT LANGUAGE="JavaScript">
<!--
function Decode(){
< snipped code that made up iframe and url >";
document.write(out);
}
//-->
</SCRIPT><SCRIPT LANGUAGE="JavaScript">
<!--
Decode();
//-->
</SCRIPT>

Now I don't know if that has something to do with my server or something to do with my scripts. Please help.

[edited by: coopster at 5:28 pm (utc) on Feb. 18, 2006]

coopster

5:37 pm on Feb 18, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Welcome to WebmasterWorld, sohaibkhan.

I would venture to guess that it is likely something to do with your scripts. The JavaScript is creating an iframe and the src is the *bad* web site. Can you tell us where this code is being injected into your page? Is it in a <form> "action" attribute?

dreamcatcher

6:51 pm on Feb 18, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It may be a server issue also. A couple of years ago, a bunch of sites got attacked when someone ran some injection attacks on an insecure site. When I looked at the source code on my .php pages, there was some javascript right at the base of each index file, even though when the file was viewed in the Control Panel, there was nothing there.

Strange, but thought I would mention it.

:)

phparion

7:02 pm on Feb 18, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Also it can be due to FREE DOMAIN REDIRECTION or FREE HOSTING ... like if you get a domain redirection from a (DOT TK) site then they use a 0 width, height and margin frame to keep the original DOT TK URL constant for all your pages. If you check your code you would find a similar kind of JavaScript in your pages, mostly at the end of the code. Also some hosts providing FREE HOSTING add their JavaScript snippets to show ads, especially those who display ads based on country IP. So if you are using either FREE HOSTING or enjoying FREE URL REDIRECTION then it's added by the FREE service provider.

henry0

8:26 pm on Feb 18, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Iframe counter attack
place the following (as I have seen)
in each of your files
it's a little JS

// If this page is being displayed inside a frame, load it in the parent window instead
if (parent.frames.length > 0)
{
parent.location.href = location.href;
}

sohaibkhan

8:43 pm on Feb 18, 2006 (gmt 0)

10+ Year Member



Thank you for all your responses. All I can say is it just started happening in all my scripts. I noticed that since yesterday, and all my PHP scripts which I am running on my servers are having that same problem for some very unknown reason.

sohaibkhan

9:01 pm on Feb 18, 2006 (gmt 0)

10+ Year Member



Any expert, could you please tell me:

Is my server hacked, or is that something to do with PHP scripts?

If my server is hacked then I can simply re-install my server. Please kindly let me know. Thanks for all your help.

jatar_k

9:35 pm on Feb 18, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



your server being hacked is probably not the case but your site may have been compromised. They are 2 very different things.

first thing I would do is contact your host
I would also start looking through logs to see if you can identify when/where it happened

what 3rd party scripts or software packages do you have installed? look for common exploits and patches for them all.

I would also search through and find where the code is injected and remove it

sohaibkhan

9:46 pm on Feb 18, 2006 (gmt 0)

10+ Year Member



Well, I have restored my server and it is the same thing, so I can't check the log files. But yes, what is register global? Do I have to turn that thing off or on? It was on before.

sohaibkhan

10:06 pm on Feb 18, 2006 (gmt 0)

10+ Year Member



well I have found this

<iframe name="poz" src="http://example.com/" width=5 height=5 style="display:none"></iframe>

It was in my index.php, but the question is how the person can access my FTP script..? Didn't quite understand ...

[edited by: coopster at 10:24 pm (utc) on Feb. 18, 2006]
[edit reason] generalized url [/edit]

jatar_k

12:06 am on Feb 19, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



you have a script that ftp's? is that a third party script?

what other 3rd party software or scripts do you have?

yes, you should turn off register_globals for a start

sohaibkhan

7:28 pm on Feb 19, 2006 (gmt 0)

10+ Year Member



After spending 4 hours I have found r57shell.php on my server in different directories, and when I access that file it seems like anyone from anywhere can access my server and mess up everything. I don't know how the person got in there and loaded that file. Is there any way I can protect my server so that that person cannot load that file again?
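An added example, not part of the original thread: one way to do the "find where the code is injected" step and to locate copies of the file name reported above, written in Python. The function names, the two heuristics (a hidden or tiny iframe, and script/iframe markup appended after the closing `</html>`) and the sample tree are this example's own assumptions.

```python
import os
import re
import tempfile

# Heuristics built from what the thread reports; all names here are this example's own.
HIDDEN_IFRAME = re.compile(
    rb"<iframe\b[^>]*?(?:display\s*:\s*none|visibility\s*:\s*hidden"
    rb"|(?:width|height)\s*=\s*[\"']?[0-5][\"'\s>])", re.I)
ACTIVE_TAG = re.compile(rb"<(?:script|iframe)\b", re.I)
SHELL_NAMES = {"r57shell.php"}            # file name reported in the thread
SCAN_EXT = (".php", ".inc", ".html", ".htm")


def scan_webroot(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name.lower() in SHELL_NAMES:
                findings.append((rel, "web-shell-filename"))
            elif name.lower().endswith(SCAN_EXT):
                with open(path, "rb") as fh:
                    data = fh.read()
                if HIDDEN_IFRAME.search(data):
                    findings.append((rel, "hidden-iframe"))
                # Anything active after the last </html> was appended to the page.
                end = data.lower().rfind(b"</html>")
                if end != -1 and ACTIVE_TAG.search(data, end):
                    findings.append((rel, "markup-after-html-close"))
    return sorted(findings)


def demo():
    """Scan a small constructed tree (sample data, not from the thread's server)."""
    page = b"<html><body><?php echo 'hi'; ?></body></html>\n"
    injected = (b'<iframe name="poz" src="http://example.com/" '
                b'width=5 height=5 style="display:none"></iframe>\n')
    video = b'<html><body><iframe src="/player" width="560" height="315"></iframe></body></html>'
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "uploads"))
        samples = {"index.php": page + injected, "about.php": page,
                   "gallery.php": video,
                   os.path.join("uploads", "r57shell.php"): b"placeholder"}
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        return scan_webroot(root)
```

A hit only marks a file for manual review: a legitimate page can contain a small iframe, and a renamed shell will not match the file-name check.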

phparion

9:29 am on Feb 20, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



throughout your thread one thing is not clear,

are you using FREE hosting or Paid Hosting?

if Free.. then welcome to the hell :) and if paid, then ask your HOST about this they can surely help you in this.