Not DT question - js injection on site
Not DT question - js injection on site
tangerine
Posts: 3,365Questions: 39Answers: 395
Ignore me if you will, this isn't a DT problem. But I'm right out of ideas on this.
Someone or something is injecting some js code into the head section of my site. It is only visible in "view source" in Chrome.
Edge and Firefox don't show it.
You can see this js at dbopm.com using "view source" in Chrome. Almost at the top, by my Google Analytics code.
I found the same code here: https://github.com/Hannaanaya/Manipulaci-n_basica_del_DOM/blob/main/index.html FWIW.
Does anyone have any idea how to stop this?
In case my own system was doing this somehow, I uninstalled Chrome and installed a fresh copy. BitDefender and MalwareBytes now say "no problems".
If this is time-consuming, I'm happy to pay for your time. Hoping for some help,
Martin
This question has an accepted answers - jump to answer
Answers
Hi Martin,
I'm not seeing that code on your site at the moment (Firefox or Chrome). Have you managed to resolve it already?
If it is in "View source" then that means it was part of the response from the server for the raw HTML of the page - i.e. it was added in at the server-side and not the client-side.
I'd suggest
greping the server for a unique value in the code to see if you can identify where the file is coming from. Perhaps start from the home directory, and if needed just scan the whole root file system.Allan
Hi Alan. Many thanks for responding.
No, this isn't resolved. I had assumed it was visible to all through Chrome's view source, so I'm even more baffled now.
I'm not familiar with grep-ing servers, although I do know that grep is a unix search tool.
Is this something I could do through cPanel?
Thanks again,
Martin
Hey Martin,
This SO thread has some options, like
findstr, to grep through Windows servers.Kevin
Maybe it only shows up if you are logged in on your site? Try going to http://www.dbopm.com/ yourself in Incognito mode. Does the odd code appear there?
Also yes, grep is a unix utility. If you have CLI access to your cPanel server, you'll be able to run it there.
Allan
Thank you for your responses, guys. (And hi Kevin, nice to see you!)
Problem solved. The culprit was something called Kamo, which is an extra from CCleaner. Apparently it does some code injection , although I don't remember being told that when it was installed.
My clue was when I made my default browser Firefox instead of Chrome. The rogue js turned up in there, where it previously was not seen.
Anyway - thanks again.
Oh, injection in your local browser, not the site. A relief! I hate software that does s@#t like that...
Allan
B*******!