code in Javascript files is directly readable via browser

  • Hi, Can anybody point me in the direction of a solution for this: on many site folders, the code in Javascript files, in many directories, is readable via browser pages, just by entering the direct url to it. Godaddy is telling me they will suspend my site account, if I don’t take care of the issue. They gave me 72 hours to fix it.
    Via many virus checkers and firewall scans, I don’t find any evidence of hacking. all tests tell me that the website is clean of malware.
    Is this public readability of code in files on a browser, a normal thing? If not, what is causing it and how do I fix it?
    Thank you for your help.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)

  • Hi, Can anybody point me in the direction of a solution for this: on many site folders, the code in Javascript files, in many directories, is readable via browser pages, just by entering the direct url to it.

    JavaScript is a client-side language, just like HTML and CSS. Code is expected to be readable via the browser for the browser to interpret.

    EVERY single website on the whole internet works this way, including GoDaddy’s own website, and there’s absolutely nothing wrong with that.

    Godaddy is telling me they will suspend my site account, if I don’t take care of the issue. They gave me 72 hours to fix it.

    This is so ridiculous… I want to believe there’s something more to the story… something is missing in translation… perhaps there’s some misunderstanding somewhere from either party.

    I’m suspecting the complaint may be about a JavaScript file found on your site with malware in it that they want you to remove, and not that the JavaScript can be opened in the browser.

    Are you able to share the relevant portion of your message from your host here? If you do, please redact any names, email addresses, and any other private or sensitive parts.

    Confused??.

    Thread Starter f_vincent

    (@f_vincent)

    Thank you George for your explanation. I appreciate your help

    Godaddy claimed that the site contained viruses. I called them saying that after many scans and tests, I could not find evidence of contaminated files. . They did some tests and confirmed that it was a false positive. They lifted the suspension ultimatum.

    I may have wrongly assummed that they were stating it that the issue is related to being able to access/read code in these files. I am not an expert in these things.

    In the meantime I found a way(code in htaccess) to hide the code in Javascript files on the browser. Should I keep it or remove it? If it is normal being able to read code in javascript in the browser via a URL it makes sense to remove it. Right?

    This is what godaddy wrote:

    Your services for blainegroupinc.com are at risk of being suspended.

    Your blainegroupinc.com domain name was found to contain viruses or content that violates our Universal Terms of Service.Due to the serious nature of this issue, you have 72 hours to take action. If any viruses or content that violates our Universal Terms of Service remains on your site after that time, it may become necessary to suspend our services.If you require assistance with this, please see the following instructions.To get you started, we have provided an example of the content accessible at the following location:wp-content/plugins/pixfort-core/dist/options/166.bundle.jsTo prevent future compromise, we recommend you:

    ? Reset all account passwords, e.g. FTP, applications, and databases

    ? Ensure your computers are free of viruses, trojans, key loggers, and other malware

    ? Keep up to date on all web applications, e.g. WordPress, Joomla, etc

    ? Keep up to date on all themes, plugins, and extensions

    If you have any questions or concerns, please contact customer support using the help link once you have logged into your account.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘code in Javascript files is directly readable via browser’ is closed to new replies.