Thx Helter,
but what you mean with "Check Cpanel DNS" -- don ´t know where to find it - or if i have this.
I only got an "Account" at the webhoster. Configurable with confixx.
Fact is, somebody had the access to upload miscellaneous *.php files on my space hiding in miscellaneous paths of the integramod-installation. Some in the pafiledb-path - some in the AMOD-Path (see info below)
I don ´t know what i can do to get rid of this shit in future. I don ´t think that they made an bruteforceattack on my ftp-login - password is more than 12 characters long - with case sensitive chars + numbers + special characters.
[spoil:oot2032k]Dear Website Administrator,
>
> We are contacting you to report that your website tmhosting.de has been compromised and fraudulent content targeting our client Chase Bank has been placed at:
>
>
http://WEBSPACE/Amod/jewels/chase.html>
> IP Address: 109.xxx.xxx.xxx
>
> A criminal has placed this fake login page for the purpose of credit card fraud and identity theft. Please remove all files related to this attack and take action to secure your website.[/spoil:oot2032k]