Same here.
I use my website as a sandbox for several things.
For some reason my /404/index.php was changed.
But now I have to download 2gb's of web files to preserve my uncorrupted source files.
I requested FTP access logs, but some form of XSS attack with an iframe.
How they were able to gain access isn't currently known, but lots of fun going through every single page to do a file comparison.
And then change all of the database passwords and connection strings.
I was able to verify it wasn't done using any scripting means.
Once I get the FTP logs I will look to find out if it was brute force or if they had the password.
All I know at this point is the file changes occurred within the passed 7 days.
To find out if another site was corrupted please post websites you frequent regularly to see if it has been XSSed (a forum that is stealing your session/cookie info)
My site: torntech.com (sand box, several subwebs)
I use NetBeans IDE that has my password stored and is unique as compared to website I visit.
I also use google chrome.
This is not a spam attempt but an attempt to find the source of the compromise hence the full url was left out..
mootools
mooforum (which is oddly logging me out)
ch131
bleachget