My site hacked: suspicious additions to .htaccess file

[yojoe]

Has anybody else encountered this and do anyof you have any suggestions to stop it happening again.

If you store unencrypted passwords in FTP app you use, infection might happen again. The same goes to all other users also having ftp accounts, and store them unencrypted. Their computers might be infected with a virus.

I suggest changing ftp passwords asap, and encrypt them or not store them at all. The same goes to main hosting account pass, if it's also used to connect to FTP.

Of course infection could happen through a security hole in another webapp or its plugin.