So hopefully you all can assist me. A website I help administrate has been compromised with the aforementioned threat as per Avast.
If I inspect the content with Chrome I can find the rogue iframe that injects the redirection, but I cannot figure out for the life of me where that hijack resides. I have overwritten the files to no avail.
The link is hxxp://pescience.com/store
I have been setting that up recently, and now comes this. I haven't taken a good backup yet, so hopefully I can track down the culprit.
Any idea how these infect websites? SQL Injection? Misconfigured perms?
Hopefully someone has run across this and has a way to help!
I did see it right before the closing tag. Here is my predicament. I cannot for the life of me figure out what file it is pulling that from. Is there a tool to figure that out?
I don’t think there is a tool per se…it will probably be down to you checking all of the files for the website, and also checking passwords etc…ensuring all of your software is up to date…
Sorry I can’t help more than that…I only really know how to find the scripts…
Hopefully someone else will be able to help a little more…
Please can you modify the link, to prevent others potentially becoming infected. (change http to hXXp) Thanks.
Yes, this looks to be similar to the one in the OP. The only difference is that it is there twice.
At the end of the page, just before the closing html/body tags.
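
The file-by-file check discussed in this thread can be scripted. The following is an added example, not code from any poster: it walks a web root and flags iframes that are hidden or that sit just before the closing body/html tags, plus obfuscation calls that would hide such markup from a plain search. The function names, the suffix list and the 300-character window are assumptions chosen for illustration.

```python
import re
import sys
from pathlib import Path

IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
# Attributes/styles that make an iframe invisible to the visitor
HIDDEN = re.compile(
    r"(?:width|height)\s*[=:]\s*[\"']?[01](?:px)?(?![\d.%])"
    r"|display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}",
    re.I)
CLOSING = re.compile(r"</(?:body|html)\s*>", re.I)
# Calls that can hide injected markup from a plain search for "<iframe"
OBFUSCATION = re.compile(
    r"\b(?:eval|base64_decode|gzinflate|str_rot13|unescape)\s*\(|String\.fromCharCode",
    re.I)
SUFFIXES = {".php", ".html", ".htm", ".js", ".tpl", ".inc"}  # assumed file types
WINDOW = 300  # assumed: how close to </body> or </html> counts as "just before"

def scan_text(text):
    """Return sorted (line_number, finding) pairs for one file's contents."""
    findings = []
    for m in IFRAME.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        if HIDDEN.search(m.group(0)):
            findings.append((line, "hidden-iframe"))
        if CLOSING.search(text, m.end(), m.end() + WINDOW):
            findings.append((line, "iframe-before-closing-tag"))
    for m in OBFUSCATION.finditer(text):
        findings.append((text.count("\n", 0, m.start()) + 1, "obfuscated-code"))
    return sorted(findings)

def scan_tree(root):
    """Scan every matching file under root; return {path: findings} for hits only."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and (path.suffix.lower() in SUFFIXES
                               or path.name == ".htaccess"):
            hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, hits in sorted(scan_tree(root).items()):
        for line, kind in hits:
            print(f"{name}:{line}: {kind}")
```

Run it against a copy of the web root. Obfuscation hits are only leads to review by hand, and a clean result covers the files on disk only, not content the site stores elsewhere.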