One of my sites (the Snow Tire FAQ Forum --
http://www.snowtire.info/forum/) recently had a similar problem. One day it was working, and the next day it was completely gone (the directory was removed from the server)! After talking to support at wb-hosting I found out that my forum install had been compromised to the point that some malicious code was installing back doors to the system. As a automatic security measure, everything in those directories was quarantined. While not the best for my forum, I think it was the right course of action.
Once I had talked to them, they cleaned most of the infected files and restored the directory. I then went through and looked for extras, and there were some in all of the writable directories.
I have a more detailed post on this I will put in the security forum when I get out of work. I tried to post it Friday night, but I couldn't. For now,
http://www.cmsimple.dk/forum/viewtopic. ... 1ca5596ddf presents a good primer on what happened.
[edit] Look for "Sun May 07, 2006 9:38 pm" to get to a useful post. [/edit]I am not sure if it was a flaw in IM that allowed the placement of the original script, or if someone else on the share server got hit with a c99 shell install. (The c99 shell allows full access to the OS, including scannng for unprotected directories and automatic install of files in them.)
- John