i.?[:punct:]?.?f.?.?.?r.?.?.?a.?.?.?m.?.?.?e
That should find most iframe phrases when used in a SQL query, which I won’t lay out here (fairly easy to do with phpMyAdmin, it’s literally a copy and paste procedure in the “search” form just change the mode to the proper setting). I tested it against over a year and a half of my archives with some purposely planted and obscured iframes and it has no false positives. This will find any iframe obscured via methods found in attacks on Weblogs.us and it’s users. It may be advantageous to remember this for when Iframe-B-Gone is ready.
-John Havlik
[end of transmission, stay tuned]