How did that get into my PHP file?
Security is very tight this end, my password is unknown to anyone (I have changed it now though for added security), I do not have keyloggers or such and no-one apart from me has FTP access to that section of my account.
How did this happen?
It is hard to say excactly. However in all other cases that I have see in similar cases such exploits has gotten in via unsecure scripts.
I'm most cases via PHP Nuke, phpBB or similar systems. If you use such scripts I would advice you to check if it is fully updated with the newest patches.
I'm not at all blaming Dragonfly, but it's one of the scripts I have installed on that domain - although in a subfolder and does not have FTP access to anything.
Are there any known problems in Dragonfly that could have done this?
If it's not a server problem than perhaps a third party module problem. You have a lot of them. Even if 126.96.36.199. has some global input checking mechanisms I really don't know if it will stop all XSS attempts through insecure modules.
Would the $MAIN_CFG['global']['block_frames'] setting stop this kind of iframe code? (What is your block_frames setting?)
EDIT: I was looking at your WWW, and only just checked the defaced one. So they changed your index.php. Hmmm, if through a third party module, then I guess it must have been a module that uses file write...
Server specs (Server OS / Apache / MySQL / PHP / DragonflyCMS):
Joined: Jun 29, 2004