Last one was live-counter.net and also this one:
http://hosttracker.net/?click=123456
Also, from googling it, it looks like an iframe attack?
google "iframe attacks"
edit: exploiting the code/php I mean?
again, I am not an expert on this
Also, with FTP access, it seems very strange they have not caused total mayhem,