Damn... that's an injection that could be in any file.
Check common.php, auth.php, page_header.php, page_tail.php and all overall_header.tpl of your templates.
Can you please check in the access log to see which request has been used for that?
How Informpro states, it could also be an hosting issue, but we cannot be 100% sure until you have access to the log files of your server and check how the injection has been performed.
Please report here if you find something else.
I'll do my best to help you with this issue.
Hmm, the problem might be bigger than I thought... My whole website appears to be offline now. But, it could also mean I have to pay my yearly invoice hehe.
Would be bad if I lost all my data.
I figured out a part of the problem:
All .html files where indeed infected with weird kind of codes (at least, not standard in IP and I did not insert those codes).
What I did is:
- I searched all .html files (with the use of FileZilla) en deleted them.
But I could not get the first line removed. Yesterday, I checked most common files:
- index files (not only index.php, but several index files where infected.)
Next, when you removed them: do not forget to change your password!!
But, with the host, or just my website being offline, I can not check those other files.
I read on the internet the iframe could indeed be in any file...
I will post here in what files it could be posted.
Im getting two suspicious loadings while loading the website (DO NOT CLICK THE LINKS OR GO TO THE WEBSITE! SPAM/ MALWARE Sites!)
-Pescasearch.info & erapost.
I do not know how to check the access log, is that the one you see instantly when logged in to IP admin panel?
Will keep you all posted. I read on several blogs they have this problem currently on a lot of sites.
And with Google Chrome introducing the anti-malware/phishing windows, you would not want this insertion on your Icy phoenix!
Thanks for the information
MG & Informpro, if you by any change got some other ideas which files could be infected, please let me know!
-OwnageWorld