Yes my site was hacked on Aug 11th, almost the same time as yours and since I have not FTP anything for over a year, I know for a fact there's no way the password would have been capture by malware or other viruses. I use Symantec Endpoint Protection v11 and it's been extremely good with any threats. And the same case as you I found that my site was compromised with code injected to my blogs through FTP. 2800 FTP requests went thru the same time from various IP location. I got it all cleaned though.

Now I know there's all these talks and I went thru the whole forums about this kind of infection, how it could be ME as the source of problem. And I can tell you it's all *. All the talsk about XSS or SQL Injection *. Why? Cos all of these will only touch one blog, not 5 blogs at once and certainly not 2800 files all in one go, and not via FTP. Lunarpages needs to own up to their end of responsibility too. How can I not be FTP'ing anything for so long to have my password exposed at any level??? In fact, it's much easier to have malware or keylogger capture my blog's password and deface my posts then to get the FTP password. Now once they have the FTP password, no security (e.g. upgrading to the latest version or anything like that) can help. The hacker could do anything to your site.

My conclusion is some sort of brute force attack happened. It just happened to CPANEL and continue to test and the password was 7 characters at the time so probably not need much to hack this one. You know, the worst thing is lunarpages' password doesn't even allow special characters, only A-Z 0-9, how easy is it to hack this, very easy. So I read that one admin advice you to type a 80 character long password and that'll overcome not able to use special character and will take forever to hack. Maybe. We'll see.

So anyway, to the person who posted this, can you let me know your lunarpages server name and maybe we can figure out if we happened to be on the same server?

Daniel, my server is "naos".  And you're right, it sure sounds like something else is going on, if you haven't used FTP in over a year.  That was the case for my friend as well -- hadn't used FTP in months, but someone logged in with his FTP account around the same time they hit mine.  And in both of our cases, it was the primary FTP account, which just happens to be the same username and password as the LP account.  I think all of this is more than a coincidence.

Mitch, the thread he was replying to was the one I started about this.  Yes, it was older, but hardly unrelated, since he had the same problem at the same time.  I think it would have been better left as it was.  For anyone wanting to read the original thread, it was here:  Was your site hacked at 3am on August 12th?

Russell