Thread Rating:
  • 2 Vote(s) - 3 Average
  • 1
  • 2
  • 3
  • 4
  • 5
javascript insertion hack
#1
I usually use Firefox for everything, until this last update and things are suddenly glitchy.
Anyhow I shifted over to Chrome and viewed one of my custom pages to discover that one of my concatenated javascript strings was truncated.  Upon reviewing the source code, I found:


Code:
<script type="text/javascript">(function (d, w) {var x = d.getElementsByTagName('SCRIPT')[0];var f = function () {var s = d.createElement('SCRIPT');s.type = 'text/javascript';s.async = true;s.src = "//np.lexity.com/embed/YW/430f91e6ae8346015757ce8d5007e306?id=a53e87e5422c";x.parentNode.insertBefore(s, x);};w.attachEvent ? w.attachEvent('onload',f) :w.addEventListener('load',f,false);}(document, window));</script>

Then I found other pages (custom ones and MyBB ones) to have this as well.
To me, this absolutely reeks of "everything got hacked!"
Can someone confirm that this has nothing to do with MyBB, so I can clear it all away?
Thanks.
Reply
#2
^ such code has nothing to do with MyBB (see search results on Google)
Reply
#3
Ugh!  What is the best way to remove this infection?
I can see it firing itself every couple of seconds, when I open of the Developer Tools -> Elements -> and expand the <head> @ http://www.powerpinochle.com/index.php. (it's viewable on all pages)
When I download an infected page via ftp and view it in notepad++ there is no trace of the nasty script.

I'm sure someone already knows a clever trick to quickly eliminate this trash.
Please share.
Reply
#4
If it's on multiple pages, it most likely was inserted somewhere in the templates. Perhaps try to reimport the theme from the original version?

If you have plugins installed and this doesn't resolve it, it may be something that is in a plugin template. Unless you have a large number of plugins, you could probably take a look at plugin templates found in the "global templates" category to see if something fishy is in there.
Reply
#5
lexity.com looks like something from yahoo and your site is hosted on yahoo servers. Not sure this is a hack .... best to contact your host and ask them whats up


**i think its some tracking script
Reply
#6
^ yes, it is a tracking script and it might be inserted by web host ..
Reply
#7
Phew, just got confirmation back from Yahoo and it's theirs.

Thank you for contacting Yahoo Small Business Support.

 I understand that you'd like to know about the specific code on your website. I apologize for the inconvenience.
 I have reviewed the code which you have provided in the email, this code is for Yahoo Live Web Insight feature which is available with all the Yahoo Web Hosting plans.
 Live Web Insights gives you a real-time view of how customers are navigating your website and makes personalized recommendations to help improve traffic.
 Thank you again for contacting Yahoo Small Business Support. We appreciate your business and look forward to assisting you in the future.
 Regards,
 Yahoo Small Business Support
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)