joined:Jan 25, 2011
I analyzed the iframe hacks appearing every day. This is mostly not a fault of the servers, the application or a bug/vulnerability of the software. The server easily gets compromised with your credentials!
They seem to be all over FileZilla users. FileZilla has Kiosk mode enabled by default, which saves _all_ credentials ever typed into the logon/password fields of FileZilla! If you catch malware via a drive-by download, these files might get compromised, and so might your servers.
You have to change the config files in your home folder.
See the file fzdefaults.xml.example (docs subdirectory). Inside are instructions on how to set FileZilla to not save passwords (kiosk mode 1) or not to save anything at all (kiosk mode 2).
More info on the attack on my blog:
Please spread this info.
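
An added example, not part of the original post: a small audit that reads the Kiosk mode value from `fzdefaults.xml` and lists which saved server entries still carry a password on disk. The element names, the `sitemanager.xml`/`recentservers.xml` file names and all sample data are assumptions constructed for illustration; check them against your own FileZilla files.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not real credentials). Element names follow the
# FileZilla 3 config layout as an assumption; verify against your own files.
SAMPLE_DEFAULTS = """<FileZilla3>
  <Settings>
    <Setting name="Kiosk mode">0</Setting>
  </Settings>
</FileZilla3>"""

SAMPLE_SITEMANAGER = """<FileZilla3>
  <Servers>
    <Server><Host>ftp.example.org</Host><User>web</User><Pass>hunter2</Pass></Server>
    <Server><Host>files.example.net</Host><User>ops</User><Pass encoding="base64">aHVudGVyMg==</Pass></Server>
    <Server><Host>ask.example.com</Host><User>ops</User><Logontype>2</Logontype></Server>
  </Servers>
</FileZilla3>"""


def kiosk_mode(defaults_xml):
    """Return the 'Kiosk mode' value from fzdefaults.xml text, or None if unset."""
    root = ET.fromstring(defaults_xml)
    for setting in root.iter("Setting"):
        if setting.get("name") == "Kiosk mode":
            try:
                return int((setting.text or "").strip())
            except ValueError:
                return None
    return None


def hosts_with_saved_password(config_xml):
    """List hosts whose <Server> entry has a non-empty <Pass> element.
    Passwords are never returned; base64 is only an encoding, so it counts."""
    root = ET.fromstring(config_xml)
    exposed = []
    for server in root.iter("Server"):
        pw = server.findtext("Pass")
        if pw and pw.strip():
            exposed.append(server.findtext("Host", default="?"))
    return exposed


if __name__ == "__main__":
    mode = kiosk_mode(SAMPLE_DEFAULTS)
    print("Kiosk mode:", mode, "(1 = do not save passwords, 2 = save nothing)")
    for host in hosts_with_saved_password(SAMPLE_SITEMANAGER):
        print("saved password on disk for:", host)
```

Any host this reports should have its password rotated after Kiosk mode is changed, since the old value was already written to disk.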