Someone, somehow, edited every single one of my .htm, .html, or .shtml pages to append the following link to the bottom of the file: &--#60;iframe src="" style="visibility: hidden; position: absolute; left: 0px; top: 0px" width="10" height="10"/&--#62; between the two qoutes for 'src' is this: "http: // www.lwg-eichstaedt.de / counter.php" (remove the spaces ... I added them to deactivate the link here so as to not spread the malware). I did NOT do this to my pages. They were all done (presumably by script) at 9:30am on 17 May 2013. Questions: How did this happen? I would expect better security on the server. Is there anyone who can grep to do a global "find and replace" on my entire site? I've started downloading the site, but FTP chokes on me and dies midway through. I don't have the patience to figure out where it died and start from there ... over and over again. Related question: I can't get into my CPanel. I get the normal login screen, but then get "Thank You for installing cPanel / WHM." This server is currently not licensed. Please contact the server administrator. Other services available on this server such as web services are likely functioning normally. (License has a future date) Once the license on this server is active, you will no longer see this message. If you have installed a license since loading this page, click here to reload. here's the URL where I get that message: http://stevie.heliohost.org:2082/frontend/x3/index.phpcp . Is this related to being cracked/hacked?