Hello Experts,
I seem to have a JS that is slowing down my site. When entering www.lsg.se the site calls this address https://bit.wo.tc/js/lib/js.js and freeze for several seconds. Every click calls this address and makes the site really slow. There no content in the link.
Is this a malware? How can I find the source of the problem?
Any suggestions would be greatly appreciated.
Solved! Go to Solution.
I followed the recommendation to get an account on Sucuri. They found and removed the malware but after a few hours it was back again! Sucuri seems to be OUT OF OFFICE on weekends so if you have a problem outside their Monday-friday 9-5 working hours you just have to shut the site down.
Anyways got hold of a security expert who found a fake admin account. The site is clean up and running now. Thanks all for help and suggestions.
Hello,
on line 91 of your index page you have <script type="text/javascript" src="https://bit.wo.tc/js/lib/js.js"></script> presume thats where the problem lies!
Let me know if this helped!
presumably suppose to be <script type="text/javascript" src="http://lsg.se/js/varien/js.js"></script> instead?
The link "bit.wo.tc/js/lib/js.js" seem very dodgy as it seems to be a free subdomain service.
I ran your website through Sucuri SiteCheck and it confirmed that your website is infected with malware:-
Javascript included from a blacklisted domain. Details: http://sucuri.net/malware/entry/MW:BLK:2 Javascript: bit.wo.tc
Thanks a lot for the response,
This suggests were the problem lies:
"on line 91 of your index page you have <script type="text/javascript" src="https://bit.wo.tc/js/lib/js.js"></script> presume thats where the problem lies!"
However in file manager locating index.php at /lsg.se/public_html there is only 83 lines and no script like the above.
Were exactly in the file structure is the correct index.php file were this bad scrip sits? I have downloaded all index.php files and manually search all of them for the script without finding it.
Yes the site was hacked last year. I got help installing upgrade and site have been working fine since then besides being somewhat heavy and slow. Maybe this script is leftover from the hack?
Would really appreciate more exact instructions on how I can locate this script. Is there some kind of tool available that can search file content?
This may be a leftover from the previous hack or it may be a new hack.
At this point I highly recommend that you engage with a professional like Sucuri to go through all of your files and clean them up one by one.
I used chrome to locate it here's an image; https://drive.google.com/open?id=126NdO_OriDsdv_glL_iPdCcTqNYyCVfT
I followed the recommendation to get an account on Sucuri. They found and removed the malware but after a few hours it was back again! Sucuri seems to be OUT OF OFFICE on weekends so if you have a problem outside their Monday-friday 9-5 working hours you just have to shut the site down.
Anyways got hold of a security expert who found a fake admin account. The site is clean up and running now. Thanks all for help and suggestions.