Some of my sites got hacked in the last couple of days.
I rolled back to a 2 month old backup and upgraded to 2.6.5
This cured the main site but the manager remains compromised and unusable immediately taking you to dodgy external websites when you click anywhere on the interface.
I can't see in the code how this is happening, it seems to wrap the manager interface in an iframe which links to external sites.
I am not using the gallery extra and have grepped for phpthumb in the existing extras, none seem to use it.
Can anyone tell me how the manager could be wrapped in an dodgy iframe like this?
Ta
Peter