8
I'm running on 2.5.6.
I have done a completely fresh install and run into a norton popup about this:
In my source code I found this line: "http://skinnalicious.net/final/browse.php?Frameworks/jquery/jquery.js".
That redirects to: "http://9eklkgar7iuibw80yth0kjt.akaytel.com.tr/index.php?r=eHFibmFtYT1wZ2xhcXJ0biZ0aW1lPTEzMTAyOTExMzktNjc3ODY1OTIyJnNyYz0yNjUmc3VybD1za2lubmFsaWNpb3VzLm5ldCZzcG9ydD04MCZrZXk9REY0NEE3MTUmc3VyaT0vZmluYWwvYnJvd3NlLnBocCUzZkZyYW1ld29ya3MvanF1ZXJ5L2pxdWVyeS5qcw=="
I really can't find the file that holds the line "http://skinnalicious.net/final/browse.php?Frameworks/jquery/jquery.js". Is there anyone who can lead me in the right direction? The weirtd thing is that there isn't a directory Frameworks/jquery at all.
According to my hosting provider the server is completely clean. However, every fresh install runs into the same problem. So there are a couple of possibilities in my opinion:
1 - the server is compromised, despite what my provider says
2 - the code is falsly recognised as being maicious
3 - I'm using xoops parts(theme, module a.s.o) that somehow has been infected
4 - I'm doing something completely wrong
Whichever it is, I would like to solve it if possible before I decide to move everything away from this host. Any suggestions?