I found bank and party poker phishing sites in my UserFiles dir.
in the logs i found this
http://www.google.ro/search?q=allinurl: ... rt=10&sa=N
I have since turned of indexes so google can't just index directories (which was my fckup) but it brings up a larger question of people knowing the path to say ... /FCKeditor/editor/filemanager/upload/test.html or the such.
take heed, passwd protect your FCKeditor dir.
I got haxored through fcked