Hi I've just noticed something strange on my DNN site. A random piece of script has appeared below the </form tag and above the Google Urchin tag. I'm not sure if it is an exploit related to a module, or DNN itself. I am running version 05.04.02 (66). Here is the script that is embedded at the bottom of the page:

<code>
<MARQUEE ONMOUSEOVER=this.start() width="2" SCROLLDELAY="22800"��HEIGHT="8" ONMOUSEOUT=this.stop() >links:<a href="http://www.nimade.info">nimade</a></marquee></code>

I haven't made any updates to the Default.aspx or other files in a while. I guess it must be an injection or issued with a module. I'm new to the DNN stuff, so I'm not sure where to start on this one. The site doesn't use too many modules. Mainly pageblaster, and the DigNuke flash module.

I don't know what to do, if I should just upgraded to the latest minor version of DNN, or how to investigate where the problem is originating from?

Hi Sebastian, I did as you suggested and you are correct, the offending code was in the default.aspx. What does this mean for me? Does that mean somebody has hacked the server, or is it still possible it was injected somehow?