I wonder if anyone has found a genuinely effective method for preventing this type of hack. I've tried the script from http://anti-gumblar.oxio.net and it does not seem to be effective: I've seen hacks take place which this has not prevented. I've looked at ConfigServer eXploit Scanner (cxs) but it seems to be fairly similar and also gives the impression that it will throw quite a lot of false positives?

I should note that in the most recent hack the affected files were 100% obviously infected with iframe hacks from a visual inspection, but they were passed as totally clean by ClamAV, F-Prot and Malwarebytes. I know F-Prot at least does definitely find at least some iframe hacks in HTML files etc.

I've even considered writing some kind of search of all infectable files (htm, html, php...) for <iframe... stuff and emailing me a report to visually check. It's usually easy to spot the non-genuine iframes visually. Any better ideas? This is very frustrating!
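The search-and-report idea from the post above, as an added example that is not part of the original post: it walks a web root, lists every `<iframe>` in htm/html/php files, and puts the ones that look non-genuine first. The "hidden" and "external host" heuristics and the `own_hosts` parameter are assumptions made for this sketch, not a signature set from any scanner.

```python
import os
import re
from urllib.parse import urlparse

EXTENSIONS = (".htm", ".html", ".php")   # the "infectable" types named in the post
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
SRC_RE = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.I)
# Assumed heuristic: injected iframes are normally made invisible (0/1 px or CSS-hidden).
HIDDEN_RE = re.compile(
    r"""(?<![\w-])(?:width|height)\s*[=:]\s*["']?\s*[01](?:px)?\b"""
    r"""|display\s*:\s*none|visibility\s*:\s*hidden""", re.I)

def classify(tag, own_hosts):
    """Return the reasons an <iframe> tag looks non-genuine (empty list = none)."""
    reasons = []
    if HIDDEN_RE.search(tag):
        reasons.append("hidden")
    m = SRC_RE.search(tag)
    try:
        host = urlparse(m.group(1)).hostname if m else None
    except ValueError:                    # malformed URL: report it, don't crash
        host = "unparseable"
    if host and host.lower() not in own_hosts:
        reasons.append("external:" + host.lower())
    return reasons

def scan_tree(root, own_hosts=()):
    """Walk root and return (path, line, reasons, tag) for every iframe found."""
    own = {h.lower() for h in own_hosts}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            for m in IFRAME_RE.finditer(text):
                line = text.count("\n", 0, m.start()) + 1
                findings.append((path, line, classify(m.group(0), own), m.group(0)))
    return findings

def build_report(findings):
    """Flagged iframes first, so the visual check starts with the likely injections."""
    ordered = sorted(findings, key=lambda f: (not f[2], f[0], f[1]))
    return "\n".join(
        f"{'SUSPECT' if r else 'ok':7} {p}:{ln} [{', '.join(r)}] {' '.join(tag.split())[:120]}"
        for p, ln, r, tag in ordered)
```

Run `scan_tree` over each account's document root from a scheduled job and mail the `build_report` text; the unflagged entries are still listed so every iframe gets the visual check the post describes.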