Delete the files.

Go into Webmaster Tools and remove the pages indexed that are offensive.

Check your htaccess file has not been played with.

If the files are all in one folder and are all .jpg for example, use your robots.txt file to disallow that folder and the file type like so:

User-agent: *
Disallow: /folder1/folder2/*.jpg$

CHANGE YOUR FTP LOGIN DETAILS NOW.

And then wait, that's what I did a few months back and all is fine now. I must say that it is very disappointing that there are people out there like that, it's a wonderful world isn't it...

Good luck!

My best unhacked sites run since 2 1/2 years now on

Debian, do hosts.allow deny. Reverse squid with exclusions, mod_dos, ssh restricted login, firewall, check your logs and exclude where possible attackers, although I have now so many attackers that I would basically spent the whole day doing this. I think good hosting providers will also give you a certain level of protection. If you can and don't need it blank anything out from china. They don't get the english of the OS and their systems get attacked in drones as launch platforms for further attacks.

I wonder what my new OpenSUSE will bring ..

If you have the time of course, maybe it's more simple and efficient just to play a backup in in case a scriptkiddie comes. Any time wasted on chasing security issues is not spent on site development.

I had two major incidents in the last ten years and I usually start a fresh system. The last 5 years I had nothing, but knock on wood.. probably tomorrow I'll eat my own words..

Thanks pico train. Changed my ftp login etc. My site is totally flash and runs from index.html only - no other htmls. I've checked it out thoroughly and so has my webhost for anything and replaced it with a new index for now (saying we're having tech difficulties). I've requested cached deletion through webmaster tools as well, and put in no snippet meta tage in my new html. Is that all I can do? and wait for a crawl. Will it disappear and never be seen again? (i hope) Thanks again for your prompt reply

Make sure your password is as difficult as possible to crack, at least 10 numerals/digits, upper and lower case. Make sure frontpage is disallowed, it's a major security problem. Check on whether or not your host has a decent security record, some of them are hacked over and over again. If you have access to IPtables block off all of APNIC, AFRINIC, Israel and all USA universities. I speak from experience ...

I had a few security issues this year with some of the sites I was hosting for clients. Every single incident turned out to be through the morons that had done the programming and had allowed the sites to be hacked via XSS/Sql Injection etc rather than a problem with the FTP. If its a blog/forum etc id recomend installing the latest versions etc. If its a site you coded yourself just go through and sanitise all user inputs.