[eluser]Ben Hirsch[/eluser]
We are also on rackspace cloud and 2 days ago have been noticing that porn links are being appended to the root level index.php file for multiple domains.
I am still trying to sort out where the compromise happened. Was it XSS, or does somebody have our master password? Freaking out a little bit. In security lockdown right now. I spent the entire day yesterday changing passwords only to awake to a fresh batch of new porn links today.
If you discover anything new, please let me know. Starting to think this could be a rackspace issue as only one person has our master password.