Just to get it on file, this has happened me to. And after heavy reviwe of logs both the dH ones and my own checking custom scripts and more I can’t find any way someone has possibly been able to append and inject the spam urls to animal pr0n into both php, perl, text and binary files.
I have contacted support about it, but they say no tripwires on my server were trigged.
I have anon ftp but files changed aren’t accesible from it. My account resides on .bass.
A mediawiki of version 1.7.1 was running with the same user.
proftpd is at 1.3.0rc2
Maybe people can find some similarities as there doesn’t seem to be that many people affected. also if you don’t think you are affected try to search your files for parts of the following content: (go to this url to see the contents I have mentioned) http://utilitybase.com/paste/3541