I recently started having issues with the admin interface of a website I run and decided to check the browser console to see if any errors were being displayed there. There were and among them was an error stating that a JavaScript map file being loaded (and failing) that I did not recognise. This meant that the actual JavaScript file itself was already loaded via my website. This set off all sorts of alarms for me and I started to dig in further. I checked the file system for any suspicious files, there were none. I checked the source code and templates for evidence of anything that has been added, there was nothing there. Yet all my pages were being served with the following injected into them just before the closing tag…
JavaScript
‘undefined’=== typeof _trfq || (window._trfq = []);’undefined’=== typeof _trfd && (window._trfd=[]),_trfd.push({‘tccl.baseHost’:’secureserver.net’}),_trfd.push({‘ap’:’cpsh’},{‘server’:’xxxxxxxx0000′}) // Monitoring performance to make your website faster. If you want to opt-out, please contact web hosting support.https://img1.wsimg.com/tcc/tcc_l.combined.1.0.6.min.js
Source: https://managewp.org/articles/18303/godaddy-is-sneakily-injecting-javascript-into-your-website-and-how-to-stop-it
source https://williechiu40.wordpress.com/2019/01/16/godaddy-is-sneakily-injecting-javascript-into-your-website-and-how-to-stop-it/
No comments:
Post a Comment