Not DT question - js injection on site

Not DT question - js injection on site

tangerinetangerine Posts: 3,365Questions: 39Answers: 395

Ignore me if you will, this isn't a DT problem. But I'm right out of ideas on this.
Someone or something is injecting some js code into the head section of my site. It is only visible in "view source" in Chrome.
Edge and Firefox don't show it.
You can see this js at dbopm.com using "view source" in Chrome. Almost at the top, by my Google Analytics code.
I found the same code here: https://github.com/Hannaanaya/Manipulaci-n_basica_del_DOM/blob/main/index.html FWIW.
Does anyone have any idea how to stop this?
In case my own system was doing this somehow, I uninstalled Chrome and installed a fresh copy. BitDefender and MalwareBytes now say "no problems".
If this is time-consuming, I'm happy to pay for your time. Hoping for some help,
Martin

This question has an accepted answers - jump to answer

Answers

  • allanallan Posts: 63,441Questions: 1Answers: 10,459 Site admin

    Hi Martin,

    I'm not seeing that code on your site at the moment (Firefox or Chrome). Have you managed to resolve it already?

    If it is in "View source" then that means it was part of the response from the server for the raw HTML of the page - i.e. it was added in at the server-side and not the client-side.

    I'd suggest greping the server for a unique value in the code to see if you can identify where the file is coming from. Perhaps start from the home directory, and if needed just scan the whole root file system.

    Allan

  • tangerinetangerine Posts: 3,365Questions: 39Answers: 395

    Hi Alan. Many thanks for responding.
    No, this isn't resolved. I had assumed it was visible to all through Chrome's view source, so I'm even more baffled now.
    I'm not familiar with grep-ing servers, although I do know that grep is a unix search tool.
    Is this something I could do through cPanel?
    Thanks again,
    Martin

  • kthorngrenkthorngren Posts: 21,299Questions: 26Answers: 4,944

    Hey Martin,

    This SO thread has some options, like findstr, to grep through Windows servers.

    Kevin

  • allanallan Posts: 63,441Questions: 1Answers: 10,459 Site admin

    Maybe it only shows up if you are logged in on your site? Try going to http://www.dbopm.com/ yourself in Incognito mode. Does the odd code appear there?

    Also yes, grep is a unix utility. If you have CLI access to your cPanel server, you'll be able to run it there.

    Allan

  • tangerinetangerine Posts: 3,365Questions: 39Answers: 395

    Thank you for your responses, guys. (And hi Kevin, nice to see you!)
    Problem solved. The culprit was something called Kamo, which is an extra from CCleaner. Apparently it does some code injection , although I don't remember being told that when it was installed.
    My clue was when I made my default browser Firefox instead of Chrome. The rogue js turned up in there, where it previously was not seen.
    Anyway - thanks again.

  • allanallan Posts: 63,441Questions: 1Answers: 10,459 Site admin
    Answer ✓

    Oh, injection in your local browser, not the site. A relief! I hate software that does s@#t like that...

    Allan

  • tangerinetangerine Posts: 3,365Questions: 39Answers: 395

    B*******!

Sign In or Register to comment.