What's new

What is this code? Bad?

Shane

Top Contributor
I just found this in the footer of some of my pages:

Code:
<script type="text/javascript">
setTimeout(function(){var a=document.createElement("script");
var b=document.getElementsByTagName("script")[0];
a.src=document.location.protocol+"//dnn506yrbagrg.cloudfront.net/pages/scripts/0016/1269.js?"+Math.floor(new Date().getTime()/3600000);
a.async=true;a.type="text/javascript";b.parentNode.insertBefore(a,b)}, 1);
</script>

I can't remember putting it there and can't work out what it would be. I can only imagine it's something dodgy...

Any ideas?

Thanks :)
 
Just found it on two other websites of mine which are on different servers. None of them are Wordpress sites.
 
This might help... just scanned the article and found this part in a reply from the OP:

I found out that the malware is from cloudfront.net which is put out by Amazon and puts links for its advertisers into text of web pages. I didn't ask for this intrusion and do not appreciate Amazon giving me this invasive malware.
 
and further down he's found out the cause...

I found it, it was a Chrome extension: "TV for Google Chrome TM"

I have the EXACT issue. It also redirects pages to ads on cloudfront.net at random times. Thanks to Kurt for staying with this. In my case the Chrome extension was TV Genie. As soon as I deleted it, all returned to normal. This code affected all of my browsers - Chrome, IE 10, and Firefox.

Hopefully this helps you.
 
i've had similar, i'd suggest going to your host company and reporting it as they don't like it happening either as it show a lack of security in other areas like code injection.

well picked up ash, good info

tim
 
Thanks Ash & Tim. I had found that cloudfront.net was an Amazon property, but couldn't find much else.

I've deleted the code and hopefully it won't come back. Hosts will be notified.

Cheers.
 
I just found this in the footer of some of my pages:

Code:
<script type="text/javascript">
setTimeout(function(){var a=document.createElement("script");
var b=document.getElementsByTagName("script")[0];
a.src=document.location.protocol+"//dnn506yrbagrg.cloudfront.net/pages/scripts/0016/1269.js?"+Math.floor(new Date().getTime()/3600000);
a.async=true;a.type="text/javascript";b.parentNode.insertBefore(a,b)}, 1);
</script>

I can't remember putting it there and can't work out what it would be. I can only imagine it's something dodgy...

Any ideas?

Thanks :)
Is it the click tracker Crazy Egg ? An alternative to Google analytics?



Sent from my GT-N8020 using DNTrade mobile app
 
That's it!

It would be good if they put some sort of Crazy Egg reference into the code.

Now to go back and insert it back into those pages... :(
That is at least the second time I have been right this century
Whoever said "Would you rather be right or happy?" Doesn't know how good it feels to be right.
Oh, and the other time I was right.
It was when I invested in a bunch of generic .net.au
( is that statement called trolling )
 

Community sponsors

Domain Parking Manager

AddMe Reputation Management

Digital Marketing Experts

Catch Expired Domains

Web Hosting

Members online

No members online now.

Trending content

Forum statistics

Threads
11,107
Messages
92,086
Members
2,394
Latest member
Spacemo
Top