there's no need for secrecy because there's hundreds of sites that will inform you about Cross site scripting or other ways to attack a website.

Ioi:

Since I have adblock plus installed since ever, I assume it's not the ads. (I never see any flash on this site because its blocked.) Nevertheless I got two warnings today from my Work-PC's Norton antivirus (got linux at home, yay). To be sure: deactivate all the ads for a day or two and watch if it changes anything.

It's true that somebody could have got your PW through keylogger or else. If you login using ftp note that this is not secured at all. If you have the possibility, only allow file changes on your server through sftp or scp. (and of course change your pw and check your private pc thoroughly)

You said the header file is being modified by the hacker. If your webserver is a linux machine, check yourself or, if you can't, let your host provider check which users/groups have write permissions on the file. If the web server user is allowed to write that file, then your PHP frontend could have a security issue which needs to be fixed.
If not, then the hacker probably has your password and logs in with your account. Or he's got another way to log into your webserver.

It's not an easy task to find out how a site is getting hacked, but if you try out a lot of different things I think you will be successful.

PS: Just another thought. If you can, edit your php.ini to the highest possible security settings. If not, you can override the settings manually in the php code. Check out http://www.phpfreaks.com/tutorials/10/0.php

Hello

Thanks for the help Jman and others, adding these adresses in Adblock seems to solve the problem for now. :)

Bye.

They don't target Linux as much as they do Windows.  Plus I don't run as root.  I'm hardly concerned. 

Nothing has hit Safari users yet on this site.

I am posting from my girlfriend computer ,mine was destroyed by a virus two days ago .I was surfing the internet and then an alarma appeared saying that my system was infected ...using the service pack 2 I tried to locate and erase the viruses but some 2 minutes later the computer rebooted ....from then I cant use the computer as it reboots as soon as the Windows main page appears on screen .I dont know what to do ,I will consult to some friends that are informatic engineers in 2 days but for the time being I am PC-less .I can access the internet thorough the PS3 at least ....

of course not... it only ever hits windows users using internet explorer. But since they're so dumb using windows with internet explorer, you cannot expect them to learn.

Edit: oops i was a little too late, the above was meant to answer stof's post.

Diomedes: sorry to hear that. Did you use internet explorer?

Diomedes, if you go to Start > Run you can type in "shutdown -a" no quotes and that should stop the forced reboots. Of course thats just solving the symptoms I'd only recommend using that if you need to download any necessary virus removal software/updates and don't have another machine that can do it for you so that you can just boot it into safe mode and pop the disc in with the cleanup tools and get whatever is causing it removed. Err just read closer that advice is only good if its giving you any warning at all about Windows will shutdown no idea if its rebooting the second the desktop shows up.

Ok, no need to turn this into a flaming thread.

Firefox zero day vulnerability released yesterday (uses quicktime, which by the way, was one of the exploits I saw being used...but not the way described). Safari has also had zero day exploits. The point is, just because you're using something other than IE don't assume you're safe. Take the extra precaution and block those sites.

As much as firefox lovers love to bash IE the fact remains its one of the most popular and powerful web browsers in the World. IE7 gives firefox a run for its money ( I use both) and you can expect Firefox to recieve the same attention from virus writers once it gets popular enough.

Darkfire001: Nononono, take that to another thread. While I appreciate the bump to keep this to attention, you can argue about whose browser is bigger in another thread. This thread needs to stay focused on what sites we need to block until ioi gets the hacker locked out of his system.