unknown scripts are running and redirecting on click to unknown websties


unknown scripts are running and redirecting on click to unknown websties



Problem:- Sometimes, on clicking on NAVBAR menu or on any div on my bootstrap website, It redirects to ads or unknown links in new tab something like this.



http://cobalten.com/afu.php?zoneid=1365143&var=1492756



Imported links from hosted file:-


<link rel="stylesheet" type="text/css" href="cssbootstrap.min.css">

http://js/jquery.min.js
http://js/main.js
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js


<link rel="stylesheet" type="text/css" href="cssstyle.css">

<link href="https://fonts.googleapis.com/css?family=Montserrat" rel="stylesheet" type="text/css">

<link href="https://fonts.googleapis.com/css?family=Lato" rel="stylesheet" type="text/css">

<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.0.8/css/all.css" integrity="shaxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
crossorigin="anonymous">

https://maps.googleapis.com/maps/api/js?key=xxxxxxxxxxxxxxxxxxxxxxxxxx&callback=myMap



What I got in Inspection:-



I checked my code multiple times when there is no redirect on clicking menu..I found nothing suspicious...
BUT THEN when I got redirect links on click, I checked my code in browser and I can clearly see few script sources added to my files( Can see in Inspection mode in browsers only).They are not Written to my code. Unknown parts of my code are..



1) HERE The following 2 scripts are replacing script js/jquery.min.js in head tag


//117.240.205.115:3000/getjs?nadipdata=%7B%22url%22:%22%2Fjs%2Fjquery.min.js%22%2C%22referer%22:%22http:%2F%2Famans.xyz%2F%22%2C%22host%22:%22amans.xyz%22%2C%22categories%22:%5B0%5D%2C%22reputations%22:%5B1%5D%7D&screenheight=768&screenwidth=1360&tm=1530041241377&lib=true&fingerprint=c2VwLW5vLXJlZGlyZWN0

http://amans.xyz/js/jquery.min.js?cb=1530041241381&fingerprint=c2VwLW5vLXJlZGlyZWN0&onIframeFlag



2) This one is being added to body tag right after I imported google api


<span id="notiMain">
//go.oclasrv.com/apu.php?zoneid=1492761

http://rateus.co.in/common/js/jquery-1.7.1.js?cb=1530191489199&fingerprint=c2VwLW5vLXJlZGlyZWN0&onIframeFlag

<span id="notiMain">//go.oclasrv.com/apu.php?zoneid=1492761</span>



My OS is completely upgraded to WIN10 pro and I have installed only Chrome without any plugins...



The problem is browser independent as I got same results on EDGE and Firefox.



ANY JS EXPERT WHO CAN HELP ME OUT HERE





Sounds like a virus or JS injection. Not much we can do about that.
– Paulie_D
Jun 27 at 14:12





This may or may not help, but can you try serving your site over HTTPS? It would help determine where along the transport of your content the tampering is occuring.
– zero298
Jun 27 at 14:14




2 Answers
2



This issue that you are having is server-side. Likely nothing is wrong with your code, however the server is infected with malware injecting this bad code into your website.



To solve this, I would make a backup of the code you wrote, change your FTP hosting passwords, erase your server, and add your code back. If this does not solve the problem, then I would change hosting providers.





currently I am on shared hosting plan on Hostgator... As its a static website, I can't afford dedicated serve for a static website.. I can add a SSL Certificate to domain but don't know if that will solve my problem.... Hostgator Support was pathetic for same.. Their words were "what you want me to do".
– aman
Jun 27 at 19:35





Also, Do protection add-on like Sitelock Malware Protector on hostgator, even work to prevent malware attacks???. OR, I am guessing they are intentionally infecting shared hosting to sell their add-ons...Any Better malware free shared host provider with best uptime for Canada region.
– aman
Jun 27 at 19:55






I would recommend making a backup of all of your code that you know is free from malware, then deleting all files on the server that you have access to. Then changing all passwords (make them complex), then add your files back. Did you try this?
– Jake Chasan
Jun 27 at 19:56





That's the next step I will do.. BUT today When I contact and shared Hostgator the code and all ..They also said to change the passwords of al logins.. and when I got feedback window for hostgator support.. I got same redirect link when I clicked on ratings.. < script type="text/javascript" src="//go.oclasrv.com/apu.php?zoneid=1492761">< /script> I didn't even install anything else on my fresh Win10 system except chrome.. Even I got this problem on preinstalled EDGE before installing chrome.. Isn't it weird or anything wrong..??????
– aman
Jun 28 at 13:19






Have you been able to test this on another computer?
– Jake Chasan
yesterday



This seems to be a case of ISP injecting JavaScript files. Are you by any chance on the BSNL broadband?. For last few days, BSNL seems to be injecting Adware on Non HTTP sites.



The only solution I know is to host your site on https OR change your ISP.






By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

Comments

Post a Comment

Popular posts from this blog

paramiko-expect timeout is happening after executing the command

paramiko-expect timeout is happening after executing the command Can someone help me why timeout is happening after executing the command .I am trying to SSH to a machine and execute a command.I want to store the result of the executed command . I have referred paramiko-timeout but i didn't get my expected result. import traceback try: import paramiko except ImportError: raise Exception("Please install paramiko , pip install paramiko") import pexpect from paramiko_expect import SSHClientInteraction def main(): HOSTNAME = "minion5.net" USERNAME = "root" PASSWORD = "help@432" PROMPT = "root@*:~$s+" try: client = paramiko.SSHClient() client.load_system_host_keys() client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) client.connect(hostname=HOSTNAME, username=USERNAME, password=PASSWORD) with SSHClientInteraction(client, timeout=20, display=True) as interact: ...
Read more

Export result set on Dbeaver to CSV

Export result set on Dbeaver to CSV Normally I use Dbeaver for windows and always export my result set like this: run my query --> select the result --> export the result set --> select export to clipboard --> done This step by step puts my result set in my clipboard and I can paste it wherever I want to work with it. The problem is that now I am using dbeaver for mac and this guide is not working. I can go on until the moment that I select my result set like in the image below: exporting data set But once I go further in the process, in the last step I get: no query Note that in "source" it was suppose to show the query that originated the result set, but instead it says just "select. As a result it does't select my result or anything (besides being "successful"). Normally my query would show up there automatically and I couldn't find any option that corrects this problem in the menus. Please help me! Thanks. Aft...
Read more

Opening a url is failing in Swift

Opening a url is failing in Swift breakpointing inside the callback and logging success shows false. I added itms-apps to my plist: LSApplicationQueriesSchemes and put this in my app delegate: func application(_ app: UIApplication, open url: URL, options: [UIApplicationOpenURLOptionsKey : Any] = [:]) -> Bool { return true } func moreTapped() { let url = NSURL(string: "itms-apps://itunes.com/developer/quantum-productions/id979315877") if #available(iOS 10.0, *) { UIApplication.shared.open(url! as URL, options: [:], completionHandler: {(success: Bool) in }) } else { UIApplication.shared.openURL(url! as URL) } } Are you testing on a real device? – rmaddy Jun 21 at 23:57 I try on a device, get "Cannot Connect to App Store". Device is online ...
Read more