If you said you were suspicious I would look closely at the counter code. Is it popular software? where did it come from? that is a good way to trick non-technical person into inserting malicious code on the server.
(no need to hack if you put the bad code into your webpage for them)