[TYPO3] weird url injection

Debora MimeFly at gmail.com
Thu Apr 5 12:22:43 CEST 2007


Hi all,

To my horror I noticed that someone has been trying to hack my website (TYPO3 4.0.5, PHP 5.1.6 -> both being upgraded today). My site is multilingual and I always upgrade extensions by default. I also clear all cache at the start of each day manually...

What's the problem:
- The URLs (both internal and external and inside Google!) have this added to them:
      ...      "?ref=Fuckonly.com" ...
- It does not 'do' anything (thank the gods), the pages are being displayed normally but with that annoying reference, but I DO NOT want to be affiliated with a p*rn site whatsoever!!!

The temporary "solution" ??
- I have no idea ... but I have cleared all cache and temp directories and it 'seems' to be gone for now. Luckily the only DB tables 'affected' are the statistics modules, which have logged everything of course... 

I have looked into the statistics and it seems to have happened for the first time around 16/17 March 2007. Always from different IP addresses. But what strikes me is that the most affected language is Chinese (Simpl.) and just one or two URLs in Spanish/English... It seems to be a PHP problem, but I really don't know IF it's TYPO3 or PHP or both...

So what I would like to know: has this been a hack attempt? Or a script kiddie? Or a spambot of some sort? 'Cause I have no idea...

Does anyone know how to prevent this from happening again?

Thanks!

Best regards,

Debbie
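
Added example, not part of the original post: one way to pull the facts described above (first occurrence, distinct source IPs, affected languages) from the web server access log rather than the statistics module. It assumes Apache "combined" log format and that the language is selected by an `L` query parameter; the log lines and the `spam.example` value are constructed.

```python
import re
from collections import Counter
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache "combined" format (assumed log format).
SAMPLE_LOG = """\
198.51.100.7 - - [16/Mar/2007:03:12:09 +0100] "GET /index.php?id=12&L=3&ref=spam.example HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
203.0.113.21 - - [17/Mar/2007:11:40:51 +0100] "GET /index.php?id=12&L=3&ref=spam.example HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
192.0.2.44 - - [17/Mar/2007:11:41:02 +0100] "GET /index.php?id=7&L=1 HTTP/1.1" 200 4301 "-" "Mozilla/5.0"
203.0.113.99 - - [02/Apr/2007:22:05:37 +0200] "GET /index.php?id=30&L=1&ref=spam.example HTTP/1.1" 200 6002 "-" "Mozilla/4.0"
192.0.2.44 - - [03/Apr/2007:08:00:00 +0200] "GET /index.php?id=7&L=3 HTTP/1.1" 200 4301 "-" "Mozilla/5.0"
"""

# client IP, timestamp, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')


def find_injected_param(log_text, param="ref"):
    """Summarise requests whose query string carries `param`."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed format; skip rather than guess
        ip, ts, target, _status = m.groups()
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if param not in query:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        lang = query.get("L", ["0"])[0]  # "L" as language parameter is an assumption
        hits.append((when, ip, lang, query[param][0]))
    hits.sort(key=lambda h: h[0])
    return {
        "count": len(hits),
        "first_seen": hits[0][0] if hits else None,
        "distinct_ips": len({h[1] for h in hits}),
        "by_language": Counter(h[2] for h in hits),
        "values": Counter(h[3] for h in hits),
    }


if __name__ == "__main__":
    for key, value in find_injected_param(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it over the real access log by passing the file's contents instead of `SAMPLE_LOG`; the `values` counter lists every distinct value seen for the parameter.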


More information about the TYPO3-english mailing list