I thought you guys were bought out by al qaida?
I spent 8 hours today cleaning up all dozen or so of my sites, still have some do to. Getting SMF and Wordpress working again took the most time.
Every folder on every website on that computer was affected. Every index.html, index.shtml, and index.php was replaced with that radical Islamic web page. Someone was running an old version of PHPBB (a forum software) and was able to use the backup/restore function to gain root priv and restore to the entire disk.
in a classical over reaction, my service provider removed the exec() function from php, which I was using to update the database. was in a panic on how I was going propagate the database, until I realized I still could run chron jobs. now it runs every 15 minutes, whether the database needs updating or not. Don't know why access to the shell is dangerous from php exec but not from chron.
if you understood all of this, then you're a geek too.
