I've been involved with over 250 websites in one capacity or another but my first site was just hacked. It is a custom CMS that I put on most sites. Not a 'customized' CMS rather one I built from scratch.

Somehow a hacker inserted some javascript code that ended up embedding itself at the very end of my index.php file that was an iframe which led to a site called 'mi-cr-o-sot-f.cn' (without the dashes) which is a pdf file containing a virus.

I'm trying to figure out where in the heck the vulnerability is. I'm sanitizing ALL of the inputs both from general users and administrators.

The site is on a dedicated server which I manage and the bug hasn't ended up on any other pages or sites on this server.

I'm trying to figure out how someone might be able to inject this code and put it on my index page.

Any ideas?