finerpeter
I just got lucky on the refresh I guess
As for how often to change files - personally, every 90 days. All our servers get passwords changed every 90 days, as do most of the sites I visit. It's too easy to hack passwords (especially ones that a person would make), so use a random password generator to make the passwords. Most passwords for scripts or logins should have a minimum of 8 characters and for added security even 12 or 16.
Just to follow up further on this iFrame issue we have so far scanned 126 of our servers and have not had any other references to the live-counter site. All our servers are scanned by ScanAlert and ControlScan for PCI Compliance, and neither have detected intrusions through the server end of things, so this exploit through iFrame is very VERY odd.