PHP Code [TROJAN?] Where?

[Eazy_Efolife]

I'm getting complaints from people who went to http://ucp.south-westrp.com/UCP.php and they said there received Trojan warning from AVAST, Can someone look at this code and see where the problem is at?

Code:

<html>
<head>
<?php
  
  $sql = mysql_connect("BLOCKED", "BLOCKED", "BLOCKED");
  mysql_select_db(BLOCKED, $sql);
  if($_POST["fname"] && $_POST["ppassword"]) 
  {
    if(!isset($_POST['fname']) || !trim($_POST['fname'])) die('Please enter a name.');
    //foreach($_POST as $name=>$val) 
    // {
    //  $_POST[$name] = mysql_real_escape_string($val);
    //}
    $fname = $_POST["fname"];
    $ppassword = $_POST["ppassword"];
    $sql = mysql_query("SELECT * FROM players WHERE Name = '$fname' AND Password = '$ppassword' LIMIT 1");
    if(mysql_num_rows($sql)>0) 
    {
      echo("You are logged in!");
    }
    else 
    {
      echo("Password does not match, or there is no account!");
      return 0;
    }
  }
  else
  {
    echo("Password does not match, or there is no account!");
    return 0;
  }
?>

<?php
      $sql = mysql_connect("BLOCKED", "BLOCKED", "BLOCKED");
      $select = "SELECT * FROM players WHERE Name = '".mysql_real_escape_string($_POST['fname'])."'";
      $query = mysql_query($select) or die('MySQL error: '.mysql_error());
      mysql_select_db(BLOCKED, $sql);
      while($list = mysql_fetch_array($query)) {
      	?>
      	<div style="color: #FFFFFF;">
          Name: <?=$list['Name']?><br />
      		Level: <?=$list['PlayerLevel']?><br />
      		Admin Level: <?=$list['AdminLevel']?><br />
      		Moderator: <?=$list['Moderator']?><br />
      		Helper: <?=$list['Helper']?><br />
      		Money: <?=$list['Cash']?><br />
      		Skin: <?=$list['Skin']?><br />
      		Faction ID: <?=$list['Faction']?><br />
      		Faction Rank ID: <?=$list['Rank']?><br />
      		House Key: <?=$list['HouseKey']?><br />
      		Rent House Key: <?=$list['RHouseKey']?>
      	</div><br />
      	<?php
      }
      ?>
      
</head>
<body>
<p><center><b>_</center></p>
<body background="http://img43.imageshack.us/img43/7428/hometu.jpg">
</body>
</html>

edit: Someone told me it was Iframe, How do I remove it? ( The IFrame?)

[J.W.]

Hm, I get this warning usually if the Site has some popups with wierd content, do you have any popups, advertisements on your site?

[Eazy_Efolife]

Quote:

Originally Posted by WwW

Hm, I get this warning usually if the Site has some popups with wierd content, do you have any popups, advertisements on your site?

No

[KevKo95]

Also recieved a warning from AVG and McAfee SiteAdvisor actually pulled me away from the site, because it breaches security. The trojan is coming from this page:

Code:

jl.chura.pl/rc

Any idea what that is?

Edit: The problem does not appear to be from the page, I can't find anything to do with iFrames in there. It might be coming from your SQL database.

[Eazy_Efolife]

Quote:

Originally Posted by Kevin Fallow / KevKo

Also recieved a warning from AVG and McAfee SiteAdvisor actually pulled me away from the site, because it breaches security. The trojan is coming from this page:

Code:

jl.chura.pl/rc

Any idea what that is?

How can i get that page away from me?

[J.W.]

I found this, maybe it helps you.

http://www.110mb.com/forum/virus-ifr...-t44038.0.html

[Eazy_Efolife]

Quote:

Originally Posted by WwW

I found this, maybe it helps you.

http://www.110mb.com/forum/virus-ifr...-t44038.0.html

I used 110MB before, maybe i caught it from there?

[J.W.]

Quote:

Originally Posted by [SOMM

Compton's Eazy E ]

Quote:

I used 110MB before, maybe i caught it from there?

I don't know but from what I've read on different boards, it's a virus which injects hmtl, php or even java scripts on your computer, I guess you created the UCP yourself, the virus is probably on your computer.

[Eazy_Efolife]

Quote:

Originally Posted by WwW

Quote:

I don't know but from what I've read on different boards, it's a virus which injects hmtl, php or even java scripts on your computer, I guess you created the UCP yourself, the virus is probably on your computer.

damn =/ Well Whenever i upload one to my website hoster, I just edit the code on the website hoster and delete the code and it works I'm going to scam my computer in a sec and see if this virus goes away

[iLinx]

try a different webhost - 110mb sucks ass, infact all free web hosting sucks imho.
http://justhost.com
http://bluehost.com
^2 of the best rated cheap webhosts on the internet, ive used jh for around 6 months, never had any downtime or lag, if you need a cheap host you should go to them