Menu
What's new
By:
Filters

What is this code? Bad?

Shane

Shane

Top Contributor
I just found this in the footer of some of my pages:

Code: 
<script type="text/javascript">
setTimeout(function(){var a=document.createElement("script");
var b=document.getElementsByTagName("script")[0];
a.src=document.location.protocol+"//dnn506yrbagrg.cloudfront.net/pages/scripts/0016/1269.js?"+Math.floor(new Date().getTime()/3600000);
a.async=true;a.type="text/javascript";b.parentNode.insertBefore(a,b)}, 1);
</script>

I can't remember putting it there and can't work out what it would be. I can only imagine it's something dodgy...

Any ideas?

Thanks :)
 
Shane

Shane

Top Contributor
Just found it on two other websites of mine which are on different servers. None of them are Wordpress sites.
 
A

Ash

Top Contributor
This might help... just scanned the article and found this part in a reply from the OP:

I found out that the malware is from cloudfront.net which is put out by Amazon and puts links for its advertisers into text of web pages. I didn't ask for this intrusion and do not appreciate Amazon giving me this invasive malware.
Click to expand...
 
A

Ash

Top Contributor
and further down he's found out the cause...

I found it, it was a Chrome extension: "TV for Google Chrome TM"
Click to expand...

I have the EXACT issue. It also redirects pages to ads on cloudfront.net at random times. Thanks to Kurt for staying with this. In my case the Chrome extension was TV Genie. As soon as I deleted it, all returned to normal. This code affected all of my browsers - Chrome, IE 10, and Firefox.
Click to expand...

Hopefully this helps you.
 
findtim

findtim

Top Contributor
i've had similar, i'd suggest going to your host company and reporting it as they don't like it happening either as it show a lack of security in other areas like code injection.

well picked up ash, good info

tim
 
Shane

Shane

Top Contributor
Thanks Ash & Tim. I had found that cloudfront.net was an Amazon property, but couldn't find much else.

I've deleted the code and hopefully it won't come back. Hosts will be notified.

Cheers.
 
Honan

Honan

Top Contributor
Shane said:
I just found this in the footer of some of my pages:

Code: 
<script type="text/javascript">
setTimeout(function(){var a=document.createElement("script");
var b=document.getElementsByTagName("script")[0];
a.src=document.location.protocol+"//dnn506yrbagrg.cloudfront.net/pages/scripts/0016/1269.js?"+Math.floor(new Date().getTime()/3600000);
a.async=true;a.type="text/javascript";b.parentNode.insertBefore(a,b)}, 1);
</script>

I can't remember putting it there and can't work out what it would be. I can only imagine it's something dodgy...

Any ideas?

Thanks :)
Click to expand...
Is it the click tracker Crazy Egg ? An alternative to Google analytics?



Sent from my GT-N8020 using DNTrade mobile app
 
Blue Wren

Blue Wren

Top Contributor
Honan may be on the money. I have Crazy Egg installed and I just found the same code on my site too.
 
  • Like
Reactions: Ash
Honan

Honan

Top Contributor
Shane said:
That's it!

It would be good if they put some sort of Crazy Egg reference into the code.

Now to go back and insert it back into those pages... :(
Click to expand...
That is at least the second time I have been right this century
Whoever said "Would you rather be right or happy?" Doesn't know how good it feels to be right.
Oh, and the other time I was right.
It was when I invested in a bunch of generic .net.au
( is that statement called trolling )
 
You must log in or register to reply here.

Community sponsors

Domain Parking Manager

AddMe Reputation Management

Digital Marketing Experts

Catch Expired Domains

Web Hosting

Members online

No members online now.
Total: 120 (members: 0, guests: 120)

Forum statistics

Threads
11,101
Messages
92,056
Members
2,394
Latest member
Spacemo

Latest posts

Share this page

Top